Contact us directly via email, phone or facsimile. If you have a specific legal issue to discuss, please give us a call and our attorneys will be available to assist you.
2016 was a year full of developments in the IP, IT and Media fields. The beginning of this New Year gives us the opportunity to look back at the key legal developments of 2016 in these areas and to be well prepared for the major projects that await us in 2017.
After 4 years of negotiations, the final “Data Protection Package”, which sets out new European rules on privacy in the digital age, was formally adopted by the European Parliament and Council on April 2016.
The package consists of two legal instruments, namely Directive (EU) No 2016/680 of the European Parliament and of the Council of 27 April 2016 and Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
The Directive took effect on 5 May 2016 and EU Member States have until 6 May 2018 to implement it in their national laws, while the GDPR came into force on 24 May 2016 and will be directly applicable in all Member States from 25 May 2018.
The new framework set out by the GDPR retains the major principles of data protection (i.e. fairness, lawfulness, transparency, security, confidentiality, accuracy) while introducing new rules reinforcing individual freedoms and addressing the challenges of high risk processing operations, such as big data.
The GDPR creates a set of harmonized rules within the EU and focuses on two aspects:
The new regulation will apply to data controllers/processors established in the EU but also to those not established in the EU, whenever the processing activities concern the offering of goods or services to EU residents or the monitoring of their behaviour within the EU.
For further information on the implications of the reform, please refer to our previous newsletter available here.
On 13 December 2016, following the adoption of the GDPR, Article 29 Working Party (“WP29”) provided guidelines and FAQs, particularly concerning the right to data portability and the DPO. Further guidelines on DPIA and certifications are expected in the coming months.
Following the invalidation by the Court of Justice of the European Union (the “CJEU”) of the Safe Harbour Decision, the European Commission adopted, on 12 July 2016, the new legal framework for the transatlantic transfer of personal data, called the “EU-U.S. Privacy Shield”.
The new framework, in force since 1 August 2016, enables data transfers from the EU to the U.S. As with the former system, the EU-U.S. Privacy Shield is based on self-certification, but it imposes strengthened privacy rules, notably enhanced responsibility for onward transfers, greater transparency of the self-certified companies, and safeguards against mass surveillance by the U.S. authorities.
As part of the implementation of the EU-U.S. Privacy Shield Agreement, the WP29 recently confirmed that it will take on the role of the EU complaint-handling body set up under this agreement.
On 19 October 2016, the CJEU ruled that, under certain circumstances, IP addresses constitute personal data.
The question before the court was whether a dynamic IP address, registered by an online media services provider when a person accesses the website of that provider, constitutes personal data where only a third party (e.g. the internet service provider (“ISP”)) has the additional data necessary to identify the user.
A dynamic IP address changes each time there is a new connection to the Internet. It does not enable the direct identification of an individual user, unless additional information is available.
The Court reached the conclusion that a dynamic IP address amounts to personal data in the hands of a website provider under the EU law as long as the website provider has the “legal means” of gaining access to the information held by the ISP in order to identify the user.
In December 2015, the European Parliament finally approved the European trade mark reform package which includes Regulation (EU) No 2015/2424, amending the current Community trademark regulation, and Directive (EU) No 2015/2436, aiming at further harmonizing the laws of the EU Member states relating to trademarks.
The Regulation came into force on 23 March 2016 and the Directive will have to be transposed by Member States before 14 January 2019 (or 14 January 2023 for some of its provisions).
The reform aims at strengthening the rights of brand owners and includes significant changes, particularly the following:
On 17 December 2016, the legislator ratified two Protocols signed on May and December 2014 amending the Benelux Convention on intellectual property.
The major amendments are as follows:
This proceeding may need to be reviewed in the next few years so as to ensure its compliance with the provisions of Directive (EU) No 2015/2436, which requires Member States to implement administrative cancellation proceedings (Article 45 of the directive).
On 27 May 2016, the Council of the European Union adopted Directive (EU) No 2016/943 establishing for the first time common rules on the protection of trade secrets across the EU. Presently, trade secrets do not enjoy an equivalent level of protection within the EU. The Directive aims, therefore, to reduce these disparities in order to stimulate innovation-related activities and foster competition within the EU.
The Directive governs only civil remedies. The main provisions of the Directive concern:
The Directive came into force on 5 July 2016 and Member States must incorporate it into their national law by 9 June 2018.
On 17 February 2016, the legislator enacted a new law to promote out-of-court settlements of consumer disputes. This law applies to disputes arising from sales or service contracts between a trader established in Luxembourg and a consumer residing in the EU (including Luxembourg), and transposes Directive No 2013/11/EU obliging EU Member States to create alternative dispute resolution (“ADR”) entities for consumer disputes.
Whilst this law does not prescribe a general obligation to use ADR, traders who commit to or are obliged, due a sectorial regulation, to use ADR procedures for resolving their dispute with consumers, must provide consumers, prior to the conclusion of the contract, with specific information.
For further information, please refer to our previous newsletter available here.
On 23 December 2016 a new law and regulation implementing Directive (EU) No 2014/17 of the European Parliament and of the Council of 4 February 2014 on credit agreements for consumers relating to residential immovable property was adopted.
These two texts, integrated into the Consumer Code, set out a specific legal framework for real estate credit agreements. Before this, the Luxembourg Consumer Code only regulated consumer credit agreements.
The Grand-Duchy of Luxembourg had to amend the existing framework on commercial practices and unfair competition as certain provisions of the amended Law of 30 July 2002 regulating certain commercial practices were deemed contrary to EU law by the European Commission.
As a consequence, this law was abolished on 23 December 2016.
The new law governs misleading and comparative advertising, as well as shop sales and pavement sales.
Sale below cost, lotteries, competitions, promotional draws, chain transactions, and acts of unfair competition are no longer covered by this new law. They may, however, be prohibited under other laws.
As a reminder, the favourable Luxembourg IP tax regime was repealed on 1 July 2016 in order to comply with the “Modified nexus approach for IP regimes” agreed by all OECD and G20 Countries on 5 February 2015.
Tax-payers already benefitting from the IP tax regime would continue to benefit from it until 30 June 2021. New entrants also benefit from the previous tax regime until 30 June 2021 for IP rights developed or acquired under certain conditions before 1 July 2016. Consequently, rights acquired/developed after this date do not benefit for the time being from the IP tax regime.
Currently, there is no indication as to the adoption of a replacement regime compliant with the “nexus approach”.
A new law facilitating compensation for the victims of anti-competitive practices came into force in December 2016.
This law implements EU Directive No 2014/104 of the European Parliament and of the Council of 26 November 2014, and introduces several provisions making it easier for victims of anti-competitive practices to prove the fault of an undertaking violating competition, particularly by establishing a presumption of harm deriving from anti-competitive agreements.
The law also contains guidance concerning the calculation of damages incurred by the victim.
As part of the Digital Single Market Strategy, the European Commission launched, between 12 April 2016 and 5 July 2016, a public consultation on the current text of the ePrivacy Directive with a view to its reform.
The review will take into account, inter alia, the following issues:
In July 2016, the European Data Protection Supervisor published a preliminary opinion on the review of the ePrivacy Directive (available here).
On 10 January 2017, the European Commission adopted a draft regulation to replace the 2009 Directive (for more details, see https://ec.europa.eu/digital-single-market/en/proposal-eprivacy-regulation).
The Commission is excepting this regulation to be adopted by the European Parliament and the Council by 25 May 2018, when the GDPR will enter into application.
As a reminder, the transfer of personal data outside the EU is only possible to third countries that ensure an “adequate level of data protection” in terms of protection of the private life and basic freedoms and rights of individuals. It is up to the European Commission (“EC”) to decide whether a third country ensures an adequate level of protection.
Transfers of personal data to a country which does not offer an adequate level of data protection are not impossible but may require the prior authorization of the competent national data protection authority (“DPA”).
Such authorization is likely to be given when the data controller has entered into data transfer agreements, based on the EC-approved model clauses (i.e. the Standard Contractual Clauses, “SCC”) with companies located outside the EEA to which it wishes to transfer personal data.
On 16 December 2016, the EC published two decisions amending its (i) previous decisions on SCC and (ii) adequacy decisions on third countries, in order to remove any illicit restriction on the DPA’s powers, and so to minimise the risk of these decisions being invalidated, as was the Safe Harbor Decision in October 2015, by the CJEU.
Further modifications of these decisions are expected in the near future so as to comply with the forthcoming GDPR.
Furthermore, the EC will engage proactively in discussions on reaching adequacy decisions with key trading partners in East and South-East Asia, starting with Japan and Korea in 2017, together with interested countries of Latin America and the European Neighborhood.
A draft law No 7052 amending the Law of 27 February 2011 on electronic communication networks and services was submitted to the Chamber of Deputies in September 2016.
The idea of this bill came from serious concerns that mobile prepaid cards could be used to prepare or to carry out terrorist attacks.
In the aftermath of the Paris attacks, several telecom operators agreed to change their practices and to sell prepaid mobile cards only to buyers who agreed to identify themselves.
There are, however, still numerous anonymous mobile prepaid cards which were activated before the new practices took effect.
Therefore, the aim of the draft law is to put an end to the anonymity of mobile prepaid cards, by obliging those telecom operators which provide mobile prepaid cards services to collect and register certain personal data about the person to whom the service is provided, before the provision of the service.
This draft law is still under examination.
The draft law No 7049 amending the Law of 2 August 2002 on the protection of persons with regard to the processing of personal data aims at facilitating the transition to the GDPR regime.
The main goal of the proposal is to simplify the formalities of prior authorisation regarding processing activities for supervision purposes and transfers of personal data to third countries.
This draft law is still under examination.
Currently, the consequences of Brexit on the unitary IP rights (i.e. EU trademarks, EU designs and Unitary patents) are uncertain and will depend on the terms of the international agreement to be negotiated between the UK and the EU. It is estimated that Brexit will not be effective before 2019.
European Union trademarks (“EUTM”) and Registered Community Designs (“RCD”) will continue to be valid in the UK as long as the UK remains a full member of the EU.
There is no clarity over the validity of EUTM and RCD after Brexit becomes effective. The British government is currently analysing various scenarios and will launch a consultation with the users of these systems in order to adopt an appropriate solution.
As a reminder, the European patent with unitary effect will be a European patent, granted by the European Patent Office under the provisions of the European Patent Convention, to which unitary effect for the territory of the 26 participating states is given after grant, at the patentee's request.
It will coexist with pre-existing national patents and classical European patents, which do not have a unitary effect. Therefore, Brexit will not affect European patents.
The new unitary patent regime is not yet in force. It can come into effect only when at least thirteen member states have ratified the Agreement on the Unified Patent Court (the “UPC”), including France, Germany and the UK. As of today, 11 countries have ratified it, including France.
On 28 November 2016, the UK government stated its intention to ratify this agreement. This means that the unitary patent regime is likely to become effective in the upcoming months, subject to thirteen ratifications, including from Germany.
The Commission is currently rolling out a major modernisation of the EU copyright framework, to make the EU copyright rules fit for the digital age.
The reform consists in five texts, including:
The reform focuses on the following main objectives:
These legislative proposals will be discussed by the European Parliament and the Council in early 2017.
On 26 February 2014, the EU adopted, a Directive on collective rights management and multi-territorial licensing of rights in musical works for online use (2014/26/EU).
The Directive aims at ensuring that rightholders have a say in the management of their rights and envisages a better functioning of collective management organisations as a result of EU-wide standards.
The new rules will also ease the multi-territorial licensing by collective management organisations of authors’ rights in musical works for online use.
This Directive was supposed to be transposed into Luxembourg law by 10 April 2016, but no draft law has yet been submitted to the Chamber of Deputies
Currently, the sale of medicine in Luxembourg is authorised only in pharmacies. A draft law No 6943 submitted to the Chamber of Deputies in February 2016 aims in particular to legalise the online sale of medicine not subject to medical prescription.
In order to ensure the security and health of patients, the draft law imposes several conditions concerning the online sale of medicine, particularly:
This draft law is still under examination.
 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016, on the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data
 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, or “GDPR”), which reforms and repeals the Directive 95/46/EC on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
 Case C-582/14, judgement of the Court of 19 October 2016
 Regulation (EU) No 2015/2424 of the European Parliament and the Council amending the Community trade mark regulation
 Directive (EU) 2015/2436 of the European Parliament and of the Council of 16 December 2015 to approximate the laws of the Member States relating to trade marks
 Law of 30 July 2002 regulating certain commercial practices, penalising unfair competition and transposing Directive 97/55/EC of the European Parliament and of the Council amending Directive 84/450/EEC concerning misleading advertising so as to include comparative advertising
 Law of 23 December 2016 regarding shop sales, pavement sales and misleading and comparative advertising
 The law of 5 December 2016 on certain rules governing actions for damages as a result of infringements of competition law and amending the amended law of 23 October 2011 on competition
 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector
 Public Consultation on the Evaluation and Review of the ePrivacy Directive, https://ec.europa.eu/digital-single-market/en/news/public-consultation-evaluation-and-review-eprivacy-directive