T2O media interviews Jose Maria Dutilh, Managing Partner of LEQUID and Miss. Sor Arteaga, Partner Head of IT-Law Department.
Which are the most sensitive legal issues for companies with online presence?
Companies with presence online have to be very careful with the current regulations compliance, especially regarding data protection. In Le Quid we recommend our clients to make clear in the contract the responsibilities and duties of the Data Processor and the Data Controller, have mechanisms for gathering and obtaining express consent, inform users in case of data transfer, and establish mechanisms for exercising of ARCO rights. Also, companies with presence online, must meet the LSSICE (Law 34/2002 of 11 July services of information society and electronic commerce) in the sending of commercial communications, SMS or e-mailings, obtaining the appropriate prior express consent by the user and display the word “publi” or “publicity” and in case of promotional offers (discounts, prizes and gifts) promotional competitions or games, leaving them clearly identified as well as the access conditions and, where appropriate, participation conditions to be easily accessible. Finally, we emphasize, the compliance of trademark rights and in general intellectual and industrial property rights of the content available in Internet.
Which are the most important changes to the legal level for online marketing?
Certainly, from a legal point of view for digital marketing, the most innovative aspect was the change a few days ago of the LSSICE transposing Directive 2009/136/EC (e-Privacy Directive), regulating devices, storage and retrieval data terminal equipment of the recipients (“cookies”), essential in the “behavioral advertising”. As well as changes in the recently published “Royal Decree-Law 13/2012”, 30 March, concerning to the duty of companies in business communications not to conceal and/or hide the identity of the advertiser, nor incite the recipients to visit websites without identifying the communication as advertising and identifying the legal person which makes it. Also in commercial communications by e-mail, it is required a valid email address where people can exercise the right not to receive commercial communications remaining forbidden the sending of communications if the address is not included; granting the permission to revoke consent to electronic notification of the sender´s will and to include the duty of information in an accessible way to users on the above procedures.
Another relevant aspect are the sweepstakes and online games on social networks like Facebook, where besides the compliance of the rules laid down by the referred social network you must comply with regulations and formalities foreseen in the in force games regulations.
What lesser-known legal issues you think should be highlighted?
Since Le Quid has been advising national and international clients for a long time we have noticed that sometimes our clients, online service providers, ignore mechanisms and suitable ways to obtain a valid consent, they confuse the Data controller with the Data processor roles, one in charge of the treatment and in their activities acquire or transfer data without being aware of it. Also, it is less known the desire of complying with current legislation on online gaming, to regulate the actors’ obligations such as the community manager whose opinions play a decisive role in the company´s reputation of having ways which allows a higher control in minor cases and to look up the files of generic exclusion of commercial communications (Robinson lists) which is compulsory prior to conducting advertising or commercial research campaigns. These examples are some of the legal issues often forgotten by businessmen, and the failure to comply with the law can result into considerable fines by the Agency. The lack of knowledge about the trademark law and the execution of unfair and illegal competition by the advertisers such as links to competitor’s sites or sites where the product imitation of these brands are offered. These are small spelling mistakes which take advantage of errors made by users when typing the brand are other important aspects which may be considered.
We often speak about the Internet users ´s rights, but, which are the rights of online advertisers?
The law seeks generally to protect the weakest party and in this case the internet user. However, the online advertiser has rights that sometimes unknowns such as intellectual and industrial property, protection and regulation of brands. Once the brand is registered, it is given an exclusive right to forbid the use by a third party. The law in general allows to prohibit an advertiser that, from an identical keyword or similar to the brand which have selected without owner´s consent as part of an internet referencing service, advertise products or services similar or identical to those for which the mark is registered. Online advertisers enjoy protection on their registered domains so that no other company or third party can use them. They sue or claim to companies that perform actions which constitute piracy or unfair competition acts, and if their rights are damaged, can take any legal action necessary in order that competitor ceases the anticompetitive and unfair practice. They can bring up civil and commercial actions for damages or even criminal responsibility for them.
At what point is the data protection issue?
The European Commission made recently a proposal to change the European legal framework on data protection with a new regulation on Data Protection which will undoubtedly represent the most significant change in the field and its next approval will lay the background for the data protection regulation in the coming years. It emphasizes the duty of companies and responsible for investment in data protection (with impact assessments for privacy and the establishment within the companies of a new figure called “the delegate of data protection”).
The implementation of the new regulation to non-European companies that offer their services and products in the EU; the unification of policies for public responsible and private entities; the inclusion of new criteria in the definition of what is a violation of personal data, genetic data, biometric or health data, the regulation of the right to forgetting, the specific treatments from children and the creation of the European Data Protection Council will be some of the aspects that the European Commission intend to include and will mark a before and an after in the data protection regulation for the countries of the European Union.
We must add the immediate regulation of cloud computing, the social networks in order to protect children and safeguard the rights and personal data of users, behavioral marketing in the regulation of cookies and the right to forgetting, to allow individuals who desire and request to eliminate their personal data from the search engines and social networks.
Escribe texto o la dirección de un sitio web, o bien, traduce un documento.
In practice, important initiatives such as the modification of Google or Facebook privacy policies or the audit of data protection that Facebook has had in Ireland are signs that this matter will be very important.
Which are the basic recommendations for any company operating on internet?
In Le Quid we recommend to our clients who express their desire to operate online, to ensure the fulfillment of legality in all actions and activities carried out.
The regulation of cookies should be taken into account too. Activities in relation to advertising on search engines should ensure that these activities or actions do not violate the intellectual property, trademark law and do not constitute unfair competition practices.
While working with social networks, you must ensure that at all times all the expressions and comments to users are respectful. Also, in the case of commercial communications, you must have clear information and obtain prior consent. In general, we recommend reviewing the process within the organization and ensure that these are effective. From our experience we can say that the first thing a company operating on the Internet should do is a review and audit of their processes to detect to what extent can improve them and adapt them to the LOPD, LSSICE, consumption or intellectual property, being vital hiring an expert to do this. In our office, we have observed that some companies have asked for our advice after they have been punished.
Of course, we are able to defend them but it is advisable to prevent and avoid unnecessary fines. The knowledge of law and good legal advice and support from the beginning makes the difference between companies and helps to act correctly and avoid future sanctions.
What about social networks?
Social networks with an exponential growth are the means to reach thousands of users quickly and at very low cost. It is very useful in the e-commerce field and online marketing. Nevertheless, we should alert about the huge amount of data available from us, our friends, customs and even our location, IP address, browser type, websites we have visited and so on. This allows them to understand easily tastes, preferences and profile of the user, whose data can be easily transferred to third parties, and even worse, may be obtained from security breaches, as has happened in recent years. This has allowed changes to the privacy policies of social networks like Facebook with deeper penetration. We believe are still inadequate in terms of the guarantee and protection of data protection rights and privacy. However, there are good examples such as Sonic and LinkedIn who are closer to fulfilling the essential principles in the configuration of data protection law at European level such as the consent, information, purpose, data quality, ensure the security levels and allow the exercise of rights of access, rectification, cancellation and opposition.
Definitively, it is possible that not in a very distant future with the normative changes like the protection of information and the increasing demand and the need of the users of a major protection and security, social networks will be forced to change their privacy policies and to implement better security, especially if they stay in the market. Their next opponents like “Altly” (alternative to open-source Facebook), point out on the security and data protection. Users should know exactly who can see which information from the network and the control of information “should be in our hands and its exercise should be extremely simple.” Beyond any subjective assessment, social networks will have to adapt to the idea that many users do not want to share their private life and in the next future there will be more regulation and intervention by regulatory authorities, like in the regulation of minor details, the right to forget and new online games on social networks.
Which is the future of cookies, key allies of online marketing?
The “Royal Decree-Law 13/2012″, 30 March, was recently published and transposes directives on internal markets in electricity, gas and electronic communications by adopting measures for the economic imbalance correction between costs and the electricity and gas revenues. ”
The above mentioned Decree specifies in its Article 4 the modification of the Law 34/2002 referred to the company of the information and electronic commerce services (LSSICE) regulating the cookies of the article 4.3. That gives a new draft to the article 22.2 of the LSSICE, standing out a new aspect “the need of consent” as well as the information foreseen in the LSSICE.
From the point of view of the European regulator the message is clear, prior consent is a basic requirement. The working group of the Art. 29 clarified it on several occasions where the privacy topic will have to be considered by the companies.
The above mentioned regulation means an important milestone in the behavioral advertising. It will be necessary on the part of the advertisers to provide some mechanism such as a box where the user authorizes the installation of cookies on their devices, whose application in practice will be very difficult and the implementation will be late.
Finally, it should be noted that the competent body of knowing the possible infractions for the breaches of the new regulation is the Spanish Agency for Data Protection. It will have to establish examples of valid mechanisms for the compliance of the new legal framework. In others countries like the UK generous terms have been granted to adapt their websites.
In any case, it will be necessary to pay attention to the Agency´s reaction against the new regulation of the cookies. We also recommend modifying the privacy policies to fit the new regulations and take all necessary measures to avoid any penalty.
Likewise, it must be noted that the rule regulates “storage devices and data recovery of information in the terminal equipment’s of the addresses”, and not only the cookies that are a speciality within the gender.
Internet is global … in what measure the legislation is local?
Internet is global, but it is very difficult to have global laws that apply equally to everyone even if that is the trend especially in the EU countries. In some of the Common-law countries (especially The United States) the regulation is local and much more flexible than in the EU countries.
In general, the regulation of the procedure related to Internet in the EU is standard. The trend is that the same ones will be charged to lenders of services in our territories even though they are established in countries out of the EU.
Therefore we are inclined to think that the above mentioned local laws will slowly start to give in and make changes if they want their companies to have the same competitive advantage than the rest.
Therefore, we prefer to think that these local laws will have less to transfer and to start introducing changes if they want their companies to enjoy the same competitive advantage than the rest.
If we want an unique digital market to grow, the unification of the regulation is necessary and in Europe we are giving big advances in it. Local legislations will have to yield and change. The search engines must assume at once that Internet is not a territory without law.
Which are your forecasts for the future: in which areas there will be more changes?
A lot of changes will take place in this sector in the following months. In terms of data protection, the new European regulation will play a decisive role and will influence directly in online marketing.
These upcoming trends will happen in this dynamic and constantly evolving area, where no doubt, the information, prevention and good legal advice will make the difference between the companies.
Suscríbete a LeQuid de la Cuestión
La publicación de LeQuid sobre el mundo del Derecho en los negocios.