Why the restyling of the Insight Logo?

The change in the wording of the "Insight" sign with the insertion of four green dots celebrates the fourth year of activity of the Firm, which since its founding has continued to grow and establish itself in the international legal market. The use of "green", the colour of the previous trademark, is a symbol of continuity and quality of the service offered, while the chromaticism represents the dynamism that characterizes us.

The creation of this new distinctive sign in the fourth year of the Firm's activity coincides, as it already emerges at a first glance, with the beginning of our partnership with de Dominicis & Mayer, a historical Milanese firm of industrial and intellectual property consultants. This is a real fusion in practical terms between legal and technical expertise which, combined with the cross experience of different cultures, allows us to offer our clients an all-round service, while preserving the advantages of an agile structure.

Brand restyling: it's not just a matter of taste

In the last few years, we have become familiar with the concepts of restyling and rebranding[1], just think of how the symbols on the jerseys of our favourite teams have changed over time, or how different the current login screens of the most widely used social media sites look compared to their beginnings.

Sometimes it is a question of minimal changes, while other times of actual upheaval. Let us try to put ourselves on the other side of the table and see what may lie behind the decision to renew the image of one's own company and what consequences, including legal ones, this may have.

Let us start with the main functions of the trademark.

For the entrepreneur, the brand serves to establish a link in the mind of the consumer between a positive shopping experience and the subject who provided the product or service, so that the customer can repeat the purchase in the future. For the consumer, the brand is useful in guiding him choice among many products in the same category, both because the consumer knows what to expect in terms of quality and because trust in the brand will allow time saving in identifying the product that is of interest.

In evaluating a possible redesign of the brand, therefore, the owner of the sign must ask whether and how a redesign can facilitate or impede these functions. The key is to enhance one’s own credibility. A restyling is well done if it communicates a sense of continuity with the quality of the past, making known the firm's propensity to keep up with the times.

On the other hand, change does not always constitute a winning strategy: there are some famous cases[2] in which supposed actions of brand "modernization" have turned out to be unsuccessful.

The main indicators that reveal the adoption of wrong choices in the phase of reworking one's image are the confusion generated in the consumer and the debasement of the credibility that was previously gained.

Confusion, when consumers are no longer able to immediately recognize whether the product or service they are considering comes from that company or another. In this regard, a strong discontinuity in the company's distinctive sign should be carefully considered: the brand encourages a habit of consumption, which risks deteriorating if excessively destabilized.

Debasement of acquired credibility, when the brand as such is clearly referable to the same company, but instead of underlining its renewal and projection towards the future, it generates a feeling of weighting and involution.

At this point, it is necessary to make an important distinction: in fact, modifying the brand has a different impact depending on whether the company involved sells products/services or is a company that "lives" on the attention of its users, such as large social media or search engines.

In the first case, certainly the attention given to its image, although important, is secondary in comparison to the quality and efficiency of the product/service offered. In the second case, on the contrary, the business model is based on monopolizing the attention of users, so innovating and making their brand interesting becomes an integral part of business strategy.

Before embarking on a restyling operation, it is good to understand the reasons behind this choice and the message that is intended to be communicated. Usually, through restyling, companies aim on the one hand to increase the level of engagement with the outside world, which is asked - via the operation of renewal - to pay attention to the products and services on offer. On the other hand, it is a useful tool for communicating important changes characterizing the company, such as the expansion of the business sector, a new commitment to social issues, the acquisition of new industrial techniques, etc..

Turning now to the legal aspects, when the restyling concerns a registered trademark, the issue of the management of the transitional phase from the old to the new sign arises.

Firstly, it is important to know that any changes to the trademark, even if minimal, will make it necessary to proceed with a new filing at the competent national and international offices, if the intention is to register the aforesaid mark (which is certainly recommended). The decision to proceed with a new filing also brings with it the need to ask oneself whether - once the previous trademark has reached the expiry of the 10 years from registration - it is advisable to keep both trademarks registered or proceed only with the most updated one.

Certainly, the maximum protection is offered by registration, but our legal system also offers protection to unregistered trademarks already known on the market, so-called "de facto trademarks", guaranteeing that similar or identical trademarks cannot be registered. In this sense, even if the registration of a previously used trademark is not renewed, it will still be possible to obtain its protection by demonstrating its use and reputation.

In addition to the matter of registration, the restyling operation must be supported by an adequate prior art search, so as to avoid causing infringements of another person’s distinctive signs. This is particularly true when the renewal of the trademark is not limited to minor alterations but includes the insertion of new figurative elements or colours that were not previously used.

Telling people about yourself is an integral part of doing business, and the main tool for achieving this is the brand. If it is essential to seize the opportunity to communicate the changes in your company through a restyling operation for it to be successful, it is equally essential to take due care in carefully examining all aspects, from the most commercial to the legal ones.

[1] We talk about rebranding when the distinctive signs are completely rethought to reflect a new conception of the product or of the company.
[2] GAP case: the brand was withdrawn soon after its release because it was unanimously considered a clear worsening of the historical brand.


Non Fungible Tokens: a unique opportunity, but for who?

During the last few months there has been a matter that has generated great interest among finance professionals, Youtubers and the most famous art galleries: we are of course talking about NFTs, which is an acronym for “Non Fungible Tokens”.

To understand what NFTs are, it is necessary to consider first the technology that lays at their foundation, namely blockchain.

In summary, blockchain refers to a database – meaning a group of data organized in accordance with defined criteria – which is formed by “blocks”, that is sequences of individually identifiable information which, instead of being stored in a single central server, are distributed in identical replications on the terminals of those who have installed the related computer protocol.

Those who access and partake in the blockchain, which is open and freely accessible by anyone, can find information presented in numerical sequences which acquires value inasmuch as it is certain and basically unchangeable. This result is achieved via several levels of protection, the first of which is that altering a single block necessarily requires “reprogramming” the sequence of the entire chain, which is made even more difficult by the presence of cryptographic instruments.

The unchangeable nature of the individual blocks of information guarantees the reliability of transactions which are carried out by exchanging the blocks, without the need for an external entity to check or approve those transactions.

In this sense, it is clear why this technology has found widespread use in the field of digital currency: every transaction that is performed on the blockchain is registered in the individual blocks in full transparency, without fear of theft or manipulation.

Within this context, NFTs perform an additional function, which is to enable the transfer of this certainty – attributable to each individual block of the blockchain – to other digital contents, such as images, videos, and GIFs. Instead of exchanging something similar to a coin, which carries a certain value but may be exchanged with anything else, thanks to NFTs it is possible to transfer a good which is un-substitutable (for example, let us think of a collector’s item).

The advantage that such technology may have is evident, insofar as it eliminates the need to perform long checks for establishing the authenticity of information or digital content, especially if we consider the importance of digital databases managed by public entities.

For this reason, renown artists and other famous people have begun offering for sale on dedicated digital platforms their videos, artistic creations of various kinds and even mere tweets, all of which has been “transformed” into NFTs.

The feedback from the public has gone beyond any expectation, thereby generating great profits, in some cases even in the range of millions[1]. In exchange, purchasers have obtained ownership of those videos, images, and so on.

NFTs therefore appear to be introducing a new horizon of possibilities for the world of artistic production because they can guarantee in the digital world – which, by definition, is a world of identical copies subject to unlimited reproduction – the existence of a single original that remains unchangeable in time.

Also, thanks to NFTs content creators now have a source of revenue as well as an easy-to-use instrument that allows them to prove ownership over their works and, at the same time, to transfer the right of ownership to third parties.

A space in which NFTs are already used is that of online gaming, where players can buy weapons or other “unique” objects to be used or exchanged during gaming sessions. However, it is also reasonable to speculate a wider use of NFTs in the field of industrial property; for example, let us think about the possibility of using such instrument in order to prove the prior use of an industrial machine, thereby invalidating a third party patent and transforming in NFT the related YouTube video which would come to represent unalterable and unassailable evidence of the prior divulgation of the machine within the market.

That being said, there are some aspects surrounding NFTs that would need to be further analysed and kept into consideration.

Firstly, the authenticity and ownership of NFT content is in turn based on declarations of the interested parties, who in general should be the authors or at any hand the owners, or licensees, of the rights of economic exploitation over the work. Currently, there are platforms where users are asked to register and that enable the execution of transactions which guarantee transparency as to the actual ownership of contents, but in theory anyone could create an NFT that incorporates digital content belonging to someone else. There is no initial check on the actual ownership of the asset which the user intends to transfer via NFT and this is a circumstance that may lead to disputes concerning the property of the content being transferred.

Further clarification is also necessary with regard to the tax regime applicable to such instruments (especially as concerns the possible profits obtained via NFT sales) before they become a widespread tool in the creative sphere.

Finally, another point to be considered concerns the rights of consumers who, after having made a purchase, do not have the possibility of retracing their steps by exercising their right of withdrawal which is provided for distance purchases (including of course online purchases).

Once we set aside the euphoria – which at times has been mostly speculative – that has been brought about by these new instruments, in our view NFTs may represent a potential shift in our lives, especially with regard to all those services and goods that are premised and require a certification of authenticity of information and digital contents, such as ownership, origin, rights of temporary utilization.

However, in order for these instruments to be used on a widespread scale, it is necessary that – on the one hand – platforms introduce and guarantee an efficient system of checks as to the ownership of the transferred asset in order to avoid possible disputes, and – on the other hand – it is also necessary that the legislator intervene so as to provide for specific guarantees to protect purchasers (like the aforementioned right of withdrawal) and, in general, a coherent ad hoc regulatory system (which should include, among other things, a tax regime adapted to the nature of NFTs).

[1] A famous case is that of the artist Beeple, who sold via the auction house Christie’s his work “Everydays: The First 5000 Days” at a price exceeding USD 69 million, and that of Jack Dorsey, the founder of Twitter, who sold the first tweet in history at a price of USD 2,9 million.


European Green Certificate: freedom of movement in Europe during the pandemic

It's called the European "Green Certificate," but actually you can read it as "Covid-19 Pass". It purports to make movement of citizens within the European Union easier, as well as to contribute to the containment of the spread of the Sars-CoV-2 virus.

Let's try to understand what are the features of the green certificate, who will issue it and what guarantees it will have in place for the protection of personal data, including sensitive data.

1. Premise

On 17 March 2021, the European Commission proposed the introduction of a European "Green Certificate", which aims to allow the exercise of the right of free movement of citizens – as provided under Article 21 of the Treaty on the Functioning of the EU (TFEU) – during the Covid-19 pandemic. This certificate would be issued by each Member State, in digital and/or paper format and would have the same legal value throughout the EU.

However, to speak of just one "Green Certificate" is not correct. Indeed, as explained in the Proposal for a European Regulation published by the EU Commission[1], there are three different types of certificates that may be issued:

i. “Vaccination certificate": namely an attestation certifying that a person has received an anti Covid-19 vaccine authorized for marketing in the EU;

ii. "Test certificate": a certification that an individual has tested for Covid-19, via an antigenic or molecular test (as long as it is not self-diagnostic) which has returned a negative result;

iii. "Certificate of recovery": a document proving that a person who had been diagnosed with Covid-19 has subsequently recovered from it.

Each certificate will be in the official language of the relevant Member State and in English, it will be free of charge and will be issued by duly authorized institutions/authorities (e.g., hospitals, diagnostic/testing centres or the health authority itself).

2. How does the certificate work?

The certificate has a "QR (Quick Response) code" containing essential information about its holder, a digital signature that prevents forgery and a seal that guarantees its authenticity.

When a European citizen enters a Member State of which he or she is not a native, the institutions and/or competent authorities of that State will scan the QR code on the certificate and verify the digital signature contained therein. This verification of the digital signature will take place by comparing it with the signature keys held by the institutions/authorities of the State of destination, which will be stored in a secure database of each State.

In addition, a single "gateway" managed by the EU Commission will be made available at an EU level, via which the digital signatures of green certificates may be verified throughout the EU.

3. Processing of personal data contained in the certificate

Each certificate - whether related to vaccination, test or recovery - will contain a series of information relating to the person to whom it refers such as, for example: name, surname, date of birth, date of vaccination, result of the antigenic/molecular test, diseases which he/she has recovered from. This is information that falls under the definition of "personal data" pursuant to art. 4 of Regulation 679/2016 ("GDPR") insofar as it relates to an identified natural person and, for this reason, must be processed in accordance with the principles and guarantees provided by that Regulation.

In this regard, it is appropriate to summarise the most important contents of the opinion dated 31 March 2021 that the European Data Protection Board ("EDPB") and the European Data Protection Supervisor ("EDPS") provided to the EU Commission regarding the green certificate.

a) The processing of personal data contained in the certificates should be carried out only for the purpose of proving and verifying the vaccination, negativity or recovery status of the holder of the certificate and, consequently, to facilitate the exercise of the right of free movement within the EU during the pandemic.

b) In order to facilitate the exercise of privacy rights by the data subjects, it would be advisable for each country to draw up and publish a list of the persons authorized to process such data as data controllers or data processors and of those who will receive the personal data (in addition to the authorities/institutions of each Member State competent to issue certificates, already identified as "data controllers" by the proposal for a Regulation at issue).

c) The legal basis for the processing of personal data in the certificates should be the fulfilment of a legal obligation (art. 6, para. 1, lett. c of GDPR) and "reasons of substantial public interest" (art. 9, para. 2, lett. g of GDPR).

d) In accordance with the GDPR principle of "storage limitation" of personal data, retention of data should be limited to what is necessary for the purposes of the processing (i.e. facilitation of the exercise of the right to free movement within the EU during the Covid-19 pandemic) and, in any case, to the duration of the pandemic itself, which will have to be declared ended by the WHO (World Health Organization).

e) The creation of EU-wide databases will be absolutely forbidden.

4. Critical remarks and conclusions

In addition to the innovative implications of the proposed Regulation, there are certain aspects which deserve further study or, at least, clarification by the European legislator in order to ensure the correct application of the new European legislation.

a. Issuing and delivery of certificates

The proposal for a Regulation provides that certificates are "issued automatically or at the request of the interested parties" (see Recital 14 as well as articles 5 and 6). Therefore, as also pointed out by the EDPB and the EDPS, the question is whether a certificate:

i. will be created and then delivered to the individual only if expressly requested by the latter;
or if, on the contrary
ii. such certificate will be created automatically by the competent authorities (e.g., as a result of vaccination) but delivered to the individual only upon his/her express request.

b. Possession of a certificate does not prevent member states from imposing any entry restrictions

The proposed Regulation provides that a Member State may still decide to impose on the holder of a certificate certain restrictive measures (such as, for example, the obligation to undergo a quarantine regime and/or self-isolation measures) despite the presentation of the certificate itself, as long as the State indicates the reasons, scope and period of application of the restrictions, including the relevant epidemiological data to support them.

However, one may wonder if these restrictions and their enforcement conditions will be defined at European level, or whether their identification will be left to each State; in the latter case, this would involve accepting the risk of frustrating the attempt of legal harmonisation pursued by the proposed Regulation.

c. The duration of the certificate

The proposed Regulation provides that only the "Certificate of recovery" must also contain an indication of the validity period. Therefore, once again we may wonder what will be the duration of the other two certificates ("vaccination" and "test") and how it will be possible to ensure the accuracy of what is attested by a certificate after a certain period of time from the date of issuance (for example, let us think about the various cases of positivity found after the administration of a vaccine or the so-called "false negative / positive" cases).

d. The obligations of the certificate holder

What are the obligations of the certificate holder? For example, if a certificate has been issued attesting a Covid-19 negative result and, after a few months, the holder finds out that in fact he or she is positive, would the holder be obliged to apply to the competent authorities/institutions of his/her country in order to have the certificate revoked? Furthermore: in the event that the holder tries to use a false certificate for entry in another Member State, what sanctions would he/she have to face?

e. The protection of personal data

The new proposal for a Regulation tasks the Commission with adopting, by means of implementing acts, specific provisions aimed at guaranteeing the security of the personal data contained in the certificates.

However, given the extremely sensitive nature of the data in question, will the EU Commission also ask for a prior opinion from the Data Protection Authorities of the Member States? Perhaps it would be useful to ensure, also in this context and with specific reference to the privacy documentation to be provided to the data subjects prior to the issuance of certificates, a quasi-unanimous European approach in order to prevent the possible dilution of the guarantees provided under Regulation 679/2016 ("GDPR").

In conclusion, this is a proposal which, if implemented with due care, could contribute greatly to the return to a somewhat normal life; however, it is feared that without a particularly detailed regulation on this matter, a high risk of making cross-border movements even more complex would ensue, also considering that each State would most likely adopt further measures regarding the regulation of this certificate.

[1] https://eur-lex.europa.eu/resource.html?uri=cellar:38de66f4-8807-11eb-ac4c-01aa75ed71a1.0024.02/DOC_1&format=PDF.


Vaccine delays: legal solutions for technical problems

Delays in the deliveries of the Astra Zeneca vaccine doses are raising doubts among the public (and among politicians) about whether vaccination plans laid out by governments can be met.

For these reasons, alternative solutions are being considered from many quarters, and recently in Italy the debate seems to have shifted to patents that protect vaccines, which are considered by many to be an obstacle to public health.

Indeed, patents - like other intellectual property rights - are nothing more than monopoly rights granted to their holder for a period of twenty years during which they may be exploited commercially.

As is well known, the scope of these 'exclusive rights' lies in the increased welfare of the community: by rewarding inventors for a limited period of time, the community achieves the dissemination of knowledge, which otherwise would be kept hidden as much as possible.

However, the global health emergency calls for reflection on whether exclusive patent rights can be circumvented by the need to obtain patent-protected vaccines very quickly.

In other words, we should ask ourselves whether, in this situation of absolute necessity - where the health of citizens is at stake - it is reasonable to persist in looking exclusively after the interests of the patent holder rather than those of the community.

Take, for example, the case of the well-known Astra Zeneca vaccine, for which the owner company was unable to secure production on time and in the quantities that were originally planned.

For such reasons, in Italy it has been suggested that companies equipped for this purpose could be granted the extraordinary right to produce this vaccine even if they do not hold the patents, obviously upon payment of a royalty in return.

This solution would allow for avoidance of possible failures by pharmaceutical companies, which would in any case receive financial compensation for their research and inventive activity.

More generally, the proposals made and discussed were as follows:

  1. require large multinational patent-holding companies to grant 'compulsory licences' to companies that can produce vaccines of similar quality;
  2. suspend the efficacy of the patent, so that anyone can use the knowledge protected by it to produce vaccines until the health emergency continues;
  3. expropriate the holders of patents on vaccines by transforming them into state property, against payment of fair compensation.

Such proposals are supported by several legal bases, first of all the international treaty known as the "TRIPS Agreement"[1], which provides for the possibility for the adhering states to impose compulsory licenses for the manufacture and export of medicines to countries that do not have a sufficient production capacity of their own.

The difficulty in using this instrument lies in the fact that it was designed to provide support to developing countries that do not have the domestic resources to buy expensive foreign drugs (the case of the HIV drug in Africa is well known).

Its application appears more difficult in countries such as Italy, which is developing its own vaccine and has the resources to buy vaccines produced abroad.

On this point, mention should also be made of article 141 of the Italian Industrial Property Code[2], which provides for the power of the Italian State to expropriate or otherwise use patents or patent applications for reasons of public utility. The term 'public utility' indeed seems to include the current pandemic crisis.

If the hypothesis of expropriation of the patent seems disproportionate or in any case an excessive compression of the rights of the patent holder, the hypothesis of compulsory licenses granted in favour of third companies seems to us a reasonable and viable way to compensate for the various complications described above.

However, the practical - and therefore technical - aspect of producing vaccines against Covid 19 must also be taken into account. Indeed, there are different vaccine production methods and processes, which correspond to different measures of efficacy (for example, among the vaccines already approved by the competent authorities, Pfizer and Moderna guarantee 94-95 % efficacy, while Astra Zeneca guarantees 82.4 %)[3], as well as different abilities for providing coverage against Covid variants.

At the same time, vaccines are not the subject of a single patent, but of several interlinked patents that often belong to different parties. As a result, third-party companies would have to obtain compulsory licenses from a large number of owners, which would lead to greater organisational difficulties.

In addition, it is clear that the patents in question are based on complex, confidential know-how, which would have to be transferred and disclosed by the owners to the licensee companies as soon as possible so that the vaccine could be produced; this would, however, lead to longer production times and additional organisational difficulties.

In light of the above, the suggested and discussed route of compulsory licensing certainly seems feasible to solve the shortage and related delays in the delivery of vaccines but, in our opinion, there is a need for collaborative conduct between the owner companies and the licensees, rather than open conflict between them, all in order to safeguard the public health priority.

Moreover, the hypothesis being discussed would be immediately operational without the need for new legislative intervention, which often requires the convergence of political forces (often not easy to implement). This circumstance is certainly an incentive to be exploited in order to achieve a desirable result for the whole community within a short span of time.

[1] Articles 31 and 31bis of said Agreement, in its wording updated to the Protocol of 6 December 2005, which was enacted on 23 January 2017.
[2] Legislative Decree No 30 of 2005, as amended.
[3] https://www.aifa.gov.it/web/guest/domande-e-risposte-su-vaccini-mrna; https://www.aifa.gov.it/domande-e-risposte-su-vaccini-vettore-virale.


Internet of Things and Artificial Intelligence: the end or beginning of standard essential patents?

The COVID-19 pandemic has forced everyone into quarantine which in turn also has imposed a re-organisation of personal and working life directly within our homes.

All of this has simply proven and increased our already worrying dependence from IT means and new technologies, the use of which increased exponentially in 2020 in all sectors, even in those where this would have been difficult to imagine (let us consider, for example, court hearings done remotely via audio-video link, school distance learning, etc.).

Similarly, we are also witnessing an ever increasing digital integration in objects, devices, sensors, and daily goods which now have become a part of our everyday life.

With that being said, we should ask ourselves now what impact the current technological revolutions will have within the field of intellectual property and, in particular, within the patent sector.

In our view, the current changes will certainly bring about a rejuvenation in the field of inventions; indeed, to the extent that is of interest for our purposes, it should be noted that thanks to the decisive role of artificial intelligence and the “internet of things”, we may legitimately expect an increase in the filing of so-called standard essential patents.

It is well known that standard essential patents (SEPs) are patents that protect technologies considered to be – indeed – essential for the implementation of standards which are recognised by the relevant standards setting organisations.

These patents are already present within our life more than we imagine and in fact we use them for calling others, sending messages via our smartphone, sending files via e-mail, listening to our music playlists or simply watching our favourite TV series whilst sitting on our couch at home.

Today, the most well-known standards probably would include “Bluetooth”, “WiFi” and “5G” but, as we said above, performing any of the above actions involves dozens of standards each of which is in turn protected by the aforementioned patents.

In a recent communication sent out last November to the European Parliament, the European Commission evidenced the crucial role of standard essential patents in the development of 5G technology and the Internet of Things, for example noting that just for standards of mobile connectivity the ETSI (European Telecommunications Standards Institute) has declared more than 25.000 patent families.

However, in the same communication the Commission also evidenced the difficulties that some businesses encounter in trying to reach an agreement for the grant of licenses with the holders of standard essential patents, which consequently has determined a rise in disputes between rights-holders and users.

Indeed, it’s known that a patent is defined as essential following a sort of self-declaration by its holder to the effect that the patent is necessary and essential for the application of a standard and, therefore, by means of this declaration, the holder is available to grant a license over such patent to those who intend to utilize the relevant standard under so-called “FRAND”, namely conditions that are Fair, Reasonable And Non-Discriminatory.

What occurs in practice is that the holder of the standard essential patent, having ascertained the presence within the market of a product that uses a certain standard, will turn to its producer or distributor and ask the latter to sign a license agreement containing “FRAND” conditions.

At that point the user has no other choice but to accept the license at the conditions that have been proposed by the patent holder; indeed, unlike what happens with patents that are not standard essential where the user clearly may search for alternative solutions that do not infringe the patent, this is not possible with standard essential patents given that they concern standards used for complying with technical provisions that form the basis of millions of products and therefore allow for interoperability between such products.

Moreover, investing in the development of an alternative standard is very expensive (for example, consider the development of a potential alternative to the “Bluetooth” standard), but – even if we should assume the feasibility of developing an alternative standard – consumers would then have to be persuaded to “switch” to a new standard and substitute their devices with new ones.

The risk that this kind of situation may cause distortions within the market and especially instances of abuse on part of the holders of standard essential patents is therefore very high; indeed, those holders may decide the fate of a product within a certain market because they force all operators of that same market to use the standard upon payment of a royalty.

In order to balance the interests at play, the well-known judgment of the Court of Justice in the case of “Huawei v. ZTE” (C-170/13 of 16.07.2015) had already been issued in 2015 and provided for a series of obligations upon holders of standard essential patents, namely, among other things: a) the obligation to guarantee at all times so-called FRAND conditions in favour of potential licensees; b) the obligation of the patent holder to always warn in advance the user of the protected standard by indicating the patent that has been infringed and specifying how such violation has occurred and, if the user fails to cooperate, to commence legal proceedings.

According to the Court of Justice, if these conditions are met then it cannot be held that the holder of the standard essential patent has abused its domination position within the market and therefore no sanction may lie under art. 101 of the TFUE.

However, reality is somewhat different insofar as holders of standard essential patents still have excessive negotiating power vis-a-vis the user of the protected standard. Indeed, as already noted, the essential nature or lack thereof of a patent depends on a self-declaration given by the same holder of the patent which also establishes a “de facto” presumption of “essentiality” of the patent; this further facilitates the holders in legal proceedings because the burden of proof then falls onto the alleged infringer who will have to prove non-interference or the non-essential nature of the patent.

It should also be noted that as of now there are no provisions that protect the weak party, that is the user of the standard essential patent and, indeed, for example there are no reference criteria that clearly define conditions that are fair, equal, and non-discriminatory. In other words, the user cannot verify if the conditions that are proposed by the patent holder are actually “FRAND” and so two options become possible: either accept the conditions or rebel and start proceedings against the patent holder.

Even though the matter of standard essential patents has formed the subject of several judgments and specific calls by the European Commission throughout the years, several questions have been left open and require immediate action by the legislator in order to strengthen legal certainty and reduce the rising number of disputes within this field.

In our opinion, it would be advisable for example to create and establish an independent body that could verify in advance the essential nature of a patent before it is protected as well as to create rules that are specific, effective, and fair capable of regulating the grant of licenses for standard essential patents.

Furthermore, considering the ongoing technological revolution and the consequent increase in the use of such patents, we trust that these reforms will be introduced in a timely manner.


Facebook again in AGCM's spotlight: could an administrative fine be the solution?

On 17 February 2021, the Competition and Market Authority ("AGCM") imposed a fine of 7 million Euros on Facebook Ireland and its parent company Facebook Inc. for having failed to comply with a measure issued by AGCM on 29 November 2018. Moreover, this was the same order according to which the Menlo Park company had previously been ordered to pay a 5 million Euro fine as a result of it failing to inform its users that their personal data would be used for commercial purposes.

This additional measure - which really is just "the fine applied to the fine " - necessarily makes us think about the actual coercive force of the economic fines issued by AGCM as well as the latter's choice on insisting with fines that are similar to those already issued in 2018 despite the ascertained non-compliance - and therefore ineffectiveness - of those same fines (we have already discussed this topic in a previous article, available here).

So, could it be that the time has come to readjust the content and scope of sanctioning measures that are issued to protect the market and free competition, especially when they are aimed at giant online companies? Could one, for example, envisage a measure of the Authority that would temporarily block the online services offered until the company regularizes its position? Or could we witness the temporary removal of an application from the App/Play Store, making it impossible for the company to acquire new users? Or – again – will we see fines that are proportional to the total annual turnover of a company or its group (similar to the “GDPR” style)?

In our opinion, a concrete solution can only lie in the correct balancing of the interests at stake: on the one hand, the private interests of the multinationals who, by means of their social networks, acquire huge quantities of personal data (and, therefore, of “money”); on the other hand, the interests of online users who use the main social platforms on a daily basis, often not just for “scrolling leisure” but also for professional and business reasons.


The Italian Data Protection Authority and the 2021 inspections activity: biometric data, video-surveillance, food delivery and data breach will be in the spotlight between January and June

The Italian Data Protection Authority (DPA) has defined the boundaries of the inspection activity planned for the first six months of 2021. These will include n. 50 inspections to be conducted also by the Italian Finance Police (under delegation by the DPA) and will focus on the verification of compliance with the applicable privacy laws relating to the following matters of general interest:

  1. processing of biometric data for facial recognition also through video surveillance systems;
  2. processing of personal data in the context of the so-called "domestic video surveillance" sector and in the sector of audio/video systems applied to games (so-called connected toys);
  3. processing of personal data carried out by "data brokers";
  4. processing of personal data carried out by companies operating in the "Food Delivery" sector;
  5. data breach.

From this list two big developments emerge: in particular, this year the Italian DPA will extend its inspections also to the processing of biometric data, as well as to the processing carried out through video surveillance systems. These are two areas governed not only by the GDPR and the Privacy Code but also by various guidelines and other legal provisions, as well as by extensive case law.

Let us mention, just for example, the Guidelines of the Italian DPA on biometric recognition and graphometric signature of 2014, the renewed Article 4 of Law no. 300/1970 and Administrative Memo no. 5/2018 issued by the National Labour Inspectorate, the decision of the Italian DPA on video surveillance of 2010 and the recent FAQ on video surveillance of 5 December 2020, the national and EU case law concerning the monitoring of workers and the so-called "defensive controls", Opinion no. 2/2017 of the former Working Party art. 29 ("Opinion 2/2017 on data processing at work") as well as Guidelines no. 3/2019 of the European Data Protection Board (EDPB) on processing of personal data through video devices.

The above considerations lead us to think about the correct and complex task of identifying the privacy requirements to be met by data controllers and processors - i.e. the economic operators; indeed, especially before embarking on an activity involving the processing of biometric data or the use of video surveillance systems, it is necessary to clarify the particular circumstances of the case at issue (identifying the purposes of the processing, the security measures to be adopted, the possible involvement of any third-party providers, etc.) in order to correctly prepare the privacy documents required by the many applicable regulations (possibly with the help of specialized professionals).

Therefore, it will be interesting to analyse the results of the inspection activity of the Italian DPA to understand what will be - three years after the enactment of the GDPR - the level of compliance that the Authority will consider “acceptable” and what is the real level of compliance reached by the companies operating in our country who process special categories of personal data and use video surveillance systems.

Of course, the privacy obligations relating to the processing of biometric data or through video surveillance systems are on top of those generally required for the processing of personal data; consequently, in order to achieve full compliance with the privacy regulations in force, it is necessary not only to regulate particular areas of business activity (such as, for example, video surveillance or biometrics) but also to adopt (or rather, already have adopted) a solid internal privacy structure which - in case of inspections - can prove to the authorities that the processing of personal data carried out fully complies with the relevant legal provisions.

With particular reference to video surveillance, we would like to remind you that our Firm has developed and published on its website the quick and useful Guidelines for the installation of video surveillance systems, updated with the latest Italian and European regulations. You can consult the Guidelines here.


Sixthcontinent case: can e-commerce platforms “satisfy” legitimate expectations of users?

On 18 January 2021, the Italian Competition Authority (AGCM) announced that it imposed a fine of 1 million euros on the digital platform "Sixthcontinent" in so far as - without prior notice and arbitrarily - it prevented consumers from using the products, money and other utilities purchased or obtained on said platform including, to the extent that is of interest here, the credits accumulated by virtue of the purchases they made.

Sixthcontinent is primarily an e-commerce platform: the registered user buys on this platform shopping cards via which he can then make purchases online or directly at physical stores. For each new purchase made with a shopping card, the user receives bonuses that can be used in lieu of money to buy additional shopping cards, which allows for considerable savings. The platform in question also functions as a social network in that it allows users to interact with each other and take advantage of their virtual social relationships. Indeed, users obtain points - which may also be used for purchases - if they introduce the platform to new members, or when people connected to them (on the basis of a mechanism similar to that of "friendships" on Facebook) make purchases on the same platform.

Thus, the idea behind this business is to take advantage of the community (in this case a virtual one) by means of accumulating points and credits and then saving on the purchase of essential goods, such as food and fuel.

In essence, the contract that is signed between the platform and the user at the time of his/her registration provides, on the part of the user, the commitment to introduce the platform to as many people as possible, and on the part of the platform, to offer users a virtual environment in which it is possible to save money on purchases made.

What we should pay attention to in this case is precisely the role that the platform takes on and the relationship that it establishes with each consumer. Indeed, seeing as these platforms are proposed as instruments of savings and advantages in the purchase of goods of daily use and that they find their strength in the large adhesion of users (Sixthcontinent counts several million users worldwide), it may be said that they create trust in the public of users that is worthy of protection.

The greater the use of the platform by the user (think of the need to purchase essential goods during lockdown periods), the greater the expectation that is created within the user.

As already noted above, in just a few days the Sitxhcontinent platform rendered the shopping cards unusable, also requiring users to accept a refund in "points" instead of money. The conduct of the Sixthcontinent platform is similar to that of a bank who out of the blue decides to prevent account holders from withdrawing their money or making payments from their account.

In its decision the AGCM goes to great lengths in condemning the platform in question for having unlawfully imposed a refund on the consumer in the form of "points", without therefore having left the consumer free to choose how to receive his or her credit.

As is well known, this conduct is not in line with the rules of the Consumer Code (Legislative Decree no. 206/2005) and it is certainly not the first time that the AGCM has sanctioned an e-commerce platform for this type of conduct.

There is, however, a further insight that may be gathered from that decision, which is the intention of the authority to sanction the deceptive conduct pursued by the platform in presenting users with the alleged convenience of joining the community and its various offers, and then proceeding with the unjustified blocking of the platform itself.

In other words, the sanctioning measure of the AGCM seems to highlight the existence of an actual responsibility of the online platform towards registered users, inasmuch as it presents itself as a virtual environment where it is possible, also thanks to the interactions between registered users, to purchase essential goods at a lower price.

The platform that makes such an offer to the public creates in its users a legitimate expectation of being able to use the platform itself safely and continuously, especially for those purchases that are socially more "sensitive" because they are essential to daily life. Consequently, the aforementioned decision intends to affirm that there is an infringement of this expectation when the service offered through the platform is suddenly and arbitrarily interrupted.

What we have said leads us to reflect on two important aspects.

First of all, it is reasonable to say that there is a general contractual public commitment that an e-commerce platform undertakes towards each registered user and which cannot be arbitrarily disregarded without notice, just like any contract stipulated between two parties (in this case stipulated between two parties online).

On the other hand, it is reasonable to state that a continuous provision of services offered online, like any other service, creates a legitimate expectation towards the community/registered users, which as such can be protected and enforced by means of civil and administrative remedies offered by the legal system.


EU - UK agreement (so-called “Brexit”): the birth of the “comparable trademark”

It is well known by now that on 24 December 2020 the European Union and the United Kingdom reached an agreement for regulating their future commercial relations following “Brexit”.

This agreement seals the definitive separation between the British and European legal systems and, starting from the date of its enactment (i.e., 1 January 2021, namely the end of the transition period), the rules of European Union law will no longer apply to the United Kingdom, including those concerning intellectual and industrial property rights.

With a view to ensuring an orderly transition towards the new legal regime, the European Commission published a series of “Notices of Withdrawal” (related to the main sectors of European economy) which set out the main practical consequences that will affect the owners of intellectual and industrial property rights.

In particular, the Notice concerning trademarks specifies that, among other things, the owner of an EU trademark registered before 1 January 2021 will automatically become the owner of a “comparable trademark” in the United Kingdom, resulting as registered and subject to opposition in the United Kingdom, in accordance with the laws of that country.

This notion of a “comparable trademark” appears to be new within the field of IP rights, in so far as it was specifically introduced for the purpose of protecting those who – before the definitive withdrawal of the United Kingdom from the European Union – had obtained protection for their EU trademark which, at the time, produced effects also with respect to British territory.

The European Commission – evidently aware of the novelty of this legal concept – in the same Notice clarified that such “comparable trademark”:

      1. consists of the same sign that forms the object of EU registration;
      2. enjoys the date of filing or the date of priority of the EU trademark and, where appropriate, the seniority of a trademark of the United Kingdom claimed by its owner;
      3. allows the owner of an EU trademark that has acquired a reputation before 1 January 2021 to exercise equivalent rights in the United Kingdom;
      4. cannot be liable to revocation on the ground that the corresponding EU trademark had not been put into genuine use in the territory of the United Kingdom before the end of the transition period;
      5. may be declared invalid or revoked or cancelled if the corresponding EU trademark is the object of a decision to that effect as a result of an administrative or judicial procedure which was ongoing before 1 January 2021 (on a date following the “cloning”).

The British Government has confirmed that it will fall to the competent office of the United Kingdom to proceed without cost with the “cloning” of EU trademarks in the United Kingdom, where they will become “comparable trademarks”. It is not required of the owners of EU trademarks to file any request, nor to commence any administrative procedure in the United Kingdom, nor is it necessary for them to have a postal address in the United Kingdom for the three years following the end of the transition period.

Despite the precise description of the main features of the new “comparable trademarks”, there are – inevitably – uncertainties surrounding the practical application of this legal concept.

In particular, it is puzzling to find that the “comparable trademark” continues to be influenced by European administrative and judicial occurrences (see point e) above), which conflicts with the alleged independence of the United Kingdom from European laws and regulations.

Such inconsistencies evidently have already been noted, in so far as the Notice specifies (in a footnote) that the parties have acknowledged that the United Kingdom “is not obliged to declare invalid or to revoke the corresponding right in the United Kingdom where the grounds for the invalidity or revocation of the European Union trade mark … do[es] not apply in the United Kingdom”. It would seem therefore that the United Kingdom is invested with the power to not conform itself to European decisions.

However, it is not clear what should prevail in this “contest”: the invalidating decision of the European proceedings or British power to deny the effects of such European decision?

Furthermore, if the European proceedings – albeit commenced before the end of the transition period – should last for several years, how should the owner of the “cloned” trademark in the United Kingdom behave? Again, how are we to reconcile the existence of a “comparable trademark” – contemporaneously subject to European and British jurisdiction – with the known principle of territoriality applicable to the world of trademarks?

The situation appears somewhat uncertain and, in our opinion, it cannot be excluded that other issues concerning this new “comparable trademark” may arise in the future and form the object of open debate by those operating in the IP industry.

This is a key point that concerns not just acquired rights (which the British Government has undertaken to protect), but also the future political relations between the EU and the United Kingdom; indeed, it is interesting to note in this regard how such a seemingly innocent subject, namely trademark law, may in fact reveal the frailty of an agreement which is formally commercial but in reality turns out to be predominantly of a political nature.

In light of all the above, it would seem that the EU and the United Kingdom have chosen to follow the easiest path for protecting owners of EU trademarks in the midst of an orderly transition towards a new legal regime imposed by Brexit; on the other hand, this decision raises several legal questions, some of which have been anticipated above, which introduce a measure of uncertainty concerning the new “British hybrid” trademark.

Finally, we cannot fail to note how this new legal concept may represent an interesting precedent in the event that other Member States may decide in the future to leave the European Union. In that regard, we find ourselves before a new concept that certainly seems interesting from a legal standpoint, but potentially may also be “dangerous” from a political point of view and, as such, deserving of close attention in the coming years.


Guidelines for the installation of video surveillance systems

Updated to the Italian Data Protection Authority’s FAQs of 5 December 2020 and to the EDPB's Guidelines no. 3/2019 on processing of personal data through video devices


GENERAL RULES

  1. To comply with the principle of "data minimization": the data controller must choose the video surveillance systems to be installed and the relocation the cameras on the basis of the specific purposes of the processing and must collect and process only personal data that is relevant and not excessive for such purposes.
  1. No prior authorization by the Italian Data Protection Authority is needed for the installation of video cameras, but the data controller must carry out an independent assessment on the lawfulness and the proportionality of the processing, taking into account the context and the purposes of the processing itself as well as the risks to the rights and freedoms of physical persons.
  1. A privacy notice must be provided to the data subjects: both in a short form (through a special sign clearly visible to those passing through the monitored area - the model of this sign is available on the website of the Italian Data Protection Authority - https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9496244) and in an extended form.
  1. An autonomous assessment of the preservation periods of the images must be carried out by the data controller (in accordance with the principle of "accountability" set forth by the GDPR), considering the context and purpose of processing, as well as the risk to the rights and freedoms of physical persons. This without prejudice to the specific provisions of law that determine how long the images should be stored in particular circumstances.
  1. A DPIA must be drafted when new technology cameras or "integrated" and/or "intelligent" video surveillance systems are installed (which, for example, detect, record and automatically report anomalous behaviours or events to the competent authorities), in case of a systematic monitoring of a publicly accessible area on a large scale (e.g., highways, large shopping malls) and in the other cases provided for by articles 35 and 36 of the GDPR and by provision no. 467/2018 of the Italian Data Protection Authority.

 

SPECIFIC CONTEXTS

 


WORKPLACE
(art. 4 of Italian Law no. 300/1970)

Purposes of processing: organizational and production needs, work safety and protection of company assets.
If the employer can remotely monitor the employees' activities through the video cameras:

  • an agreement with the company trade union representatives (RSA/RSU) or the prior authorization from the National Labour Inspectorate is required;
  • it is mandatory to carry out the DPIA;
  • it is necessary to draft internal policies to be provided to the employees describing in a clear and transparent manner the methods of use of the working tools (pc, smartphone, etc.) and the possible controls that the employer can carry out over the employees;
  • it is necessary to comply with the privacy obligations under the GDPR and the Privacy Code;

***


PRIVATE PROPERTY / BUSINESS PREMISES

Purposes of processing: monitoring and protection of private property or business premises, prevention of theft and/or vandalism, etc.
Specific conditions to be met:

  • limitation of the angle of the video cameras to the areas of exclusive pertinence, excluding common areas (courtyards, ground floors, etc.) or areas belonging to third parties;
  • prohibition on film public areas or areas of public transit;

 If specific "home" cameras (so-called "smart cams") are installed within your home, it is necessary to:

  • inform any employees (housekeepers, carers, etc.) of the presence of the video cameras;
  • avoid monitoring the environments that would damage the persons’ dignity (such as restrooms, locker rooms, etc.);
  • protect adequately with appropriate security measures the personal data collected or that can be acquired through the smart cams.

***


CONDOMINIUM

Purposes of processing: monitoring and protection of the common parts of the building and in general of the individual properties.
Specific conditions to be met:

  • pursuant to art. 1136 of the Italian Civil Code, a prior deliberation of the condominium meeting is necessary;
  • the maximum period for the storage of the images is 7 days from the collection (unless there are other proven needs to extend such deadline).

 ***


PARTICULAR CATEGORIES OF PERSONAL DATA
(hospitals and clinics)

Purposes of processing: protection of the patients’ health, monitoring of particular hospital departments, etc.
If the video surveillance is used to collect particular categories of data (e.g., to monitor the patient's health), it is necessary to:

  • check the existence of a legal basis for the processing under art. 9 of the GDPR (such as, for example, the provision of health care or treatment, ensuring high standards of quality and the safety of health care, etc.).
  • pay special attention so that the collection of personal data is limited to only that data necessary for the purposes of the processing ("minimization");
  • carry out the mandatory DPIA if the processing of personal data concerning patients, disabled persons, mentally ill persons, minors and the elderly is not occasional;
  • constantly monitor the security measures (data storage systems and access to data) applied to the processing.

***


CIRCULATION OF VEHICLES

Purposes of processing: assessment and detection of the violations of the highway code.
Specific conditions to be met:

  • limitation of the relocation and angle of the video cameras to the areas necessary for the detection of violations;
  • deletion/obscuration of any images collected but not necessary for the purposes of the processing (e.g., images of pedestrians or other road users, passengers present in the vehicle, etc.);
  • performance of the mandatory DPIA in case of processing of personal data on a large scale (e.g., highways) to monitor drivers' behaviour.

***


MUNICIPAL LANDFILLS

Purposes of processing: control and monitoring of hazardous substance landfills and "eco station" (checking the type of waste dumped, the time of deposit, etc.).
Limitations:

  • only a public body/entity (not a private person/entity) is allowed to conduct the monitoring;
  • the monitoring is permitted only if alternative tools and controls are not possible or not effective for reaching the same purposes.

***


EDUCATIONAL INSTITUTES

Purposes of processing: protection of the building, of school properties therein, of staff and students, protection from vandalism, etc.
Specific conditions to be met:

  • the video cameras that capture the interior of the institutes can only be activated during closing hours, therefore not during school and extracurricular activities;
  • if the video cameras collect the images of the areas out of the school, the angle of the video cameras must be properly limited.

***


URBAN SAFETY

Purposes of processing: protection of urban safety of the public places or of the areas open to the public.
Specific conditions to be met:

  • storage of the images for a maximum period of 7 days after the collection, unless there are special preservation needs for a longer period (art. 6, para. 8 of Law Decree no. 11/2009).

***


VIDEO SURVEILLANCE FROM HIGH ALTITUDES

Data protection laws do not apply to the processing of personal data that does not allow for the identification of physical persons, either directly or indirectly, such as in the case of the video surveillance carried out from high altitudes (for example, using drones or similar) or in the case of fake and/or switched-off cameras.