Artificial intelligence travels fast and with autopilot
Self-driving, profiling, social scoring, bias, chatbot and biometric identification are just some of the many terms entered in our daily life. They all refer to artificial intelligence (“AI”), which is the machine’s ability to show human-like skills such as reasoning, learning, planning and creativity[1]. Today like never before, AI has an enormous impact on persons and their security. It is sufficient to mention the Australian case that involved the driver of a Tesla “Model 3” who hit a 26-year-old nurse[2], while the vehicle was on autopilot.
With reference to this tragic accident, one naturally wonders who should be held liable for the critical conditions of the poor nurse. Is it the driver, despite the fact she was not technically driving the vehicle at the moment of the accident? Is it the manufacturer of the vehicle that hit the nurse? Or, again, the producer/developer of the software that provides to the vehicle the information on how to behave when it detects a human being on its way?
As of now, the driver – although she was released on bail – has been accused of causing a car accident. That doesn’t change the fact that – if the charge will be confirmed after the pending judgement – the driver will have the subsequent right to claim damages on the producer/developer of the AI system.
The above-mentioned case deserves an in-depth analysis, especially regarding the European AI industry.
It is worth mentioning that, despite the gradual rise of the AI use in the widest scope of our daily life[3], to date there is no law, regulation or directive related to the civil liability on the use of AI systems.
At an EU level, the Commission seems to have been the first that seriously dealt with the issue of civil liability by highlighting gaps regarding this subject, and publishing, among other things, a Regulation proposal establishing harmonized rules of AI systems[4].
By analogy, it is possible to retrieve from the above proposal three different definitions of civil liability: liability from faulty product, developer’s liability and vicarious liability.
Liability from faulty product applies in the case under exam, which considers the machine to lack legal personality[5].
Hence, as is evident, in the event an AI system causes damage to a third party, the liability will be on its producer/developer and not, on the contrary, on the device/system that incorporates it.
Returning to the case in question, it would therefore be up to the developer of the AI system (i.e. the US company Tesla) to compensate the injured nurse, if the latter is able to prove the connection between the damage/injuries caused and the fault of the AI system. For its part, the developer of the AI system could exclude the damage only if it is able to prove the so-called “development risk”, i.e. providing proof that the defect found was totally unpredictable based on the circumstances and manner in which the accident occurred.
Some commentators have observed on the point that the manufacturer should be able to control the AI system remotely and predict, thanks to the algorithms, unscheduled conduct at the time of its commercialization[6]. Moreover, as we already know, the algorithms incorporated in the AI systems installed in cars can collect data over time, self-learn and study particular behaviors and/or movements of human beings, increasingly reducing the risk of accidents.
From this point of view, the manufacturer would therefore have an even more stringent burden to exclude any hypothesis of liability, that is, to demonstrate that it has adopted all the appropriate safety measures to avoid the damage.
In this regard, the European Parliament has also drafted the “Resolution containing recommendations to the Commission on a civil liability regime for artificial intelligence” which introduces the category of the so-called “High-risk AI”, i.e. those artificial intelligence systems operating in particular social contexts such as, for example, education, or those technologies that collect sensitive data (as in the case of biometric recognition), or that are used in the selection of personnel (which would risk falling back into social scoring or other discriminatory acts) or, again, the technologies used in the field of security and justice (through which there would be the risk of biases: prejudices of the machine on the subject being judged). It has been observed that for such “high-risk AI” systems there is an objective liability of the producer in case of a harmful event unless the latter is able to demonstrate the existence of force majeure event.
In conclusion, despite the efforts made by the Commission and then by the European Parliament with regard to the regulation of AI systems, there are still a lot of questions to be answered regarding the profiles of liability connected to them.
For example, it would be useful to understand how AI systems that are not considered to be “high risk”, such as the self-driving systems discussed in this article, should be framed and regulated. Or again, what threshold of liability to apply if in the not-too-distant future an AI device may be considered fully comparable, in terms of reasoning capabilities, to a human being (as recently claimed by a Google employee on the search engine AI system[7]).
What is sure is that, as often happens with any technological innovation, only a significant integration and adoption in our society of artificial intelligence systems will outline concrete hypotheses of liability, as applicable in contexts of daily operations.
In any case, we have high hopes that the aforementioned Regulation - whose date of entry into force is not yet known - will be able to provide a discipline that is as complete as possible and that above all reduces the risks and responsibilities of the users of AI systems and increases, on the other hand, the burdens borne by the manufacturers of the same to guarantee their safety.
[1] https://www.europarl.europa.eu/news/it/headlines/society/20200827STO85804/che-cos-e-l-intelligenza-artificiale-e-come-viene-usata
[2] https://www.drive.com.au/news/melbourne-hit-and-run-blamed-on-tesla-autopilot-could-set-legal-precedent-for-new-tech/
[3] Considerando (2), Proposta di Regolamento del Parlamento europeo e del Consiglio che stabilisce regole armonizzate sull'intelligenza artificiale (legge sull'intelligenza artificiale) e modifica alcuni atti legislativi dell'unione, 2021/0106, del 21 aprile, 2021
[4] Proposta di Regolamento del Parlamento europeo e del Consiglio che stabilisce regole armonizzate sull'intelligenza artificiale (legge sull'intelligenza artificiale) e modifica alcuni atti legislativi dell'unione, 2021/0106, del 21 aprile, 2021
[5] Barbara Barbarino, Intelligenza artificiale e responsabilità civile. Tocca all’Ue, Formiche.net, 15/05/2022
[6] Ut supra fn 5
[7] https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine
Smart contracts
We often hear about “smart contracts”, but it is not always clear how useful they are or where they can be applied.
Let's start by saying that, in essence, a smart contract is nothing more than a computerised transaction protocol that executes the terms and conditions of a contract. The purpose of such tools is to automate and simplify certain processes.
Consider, for example, the case of insurance policies for flight delays; normally, when the insured event occurs (i.e. the delay), the insured must get in contact with the insurance company in order to receive, at the end of the investigation and unless there are objections, the compensation foreseen with a time frame that can be quite long.
The purpose of a smart contract in this case is to automate the process of claiming damages and paying compensation. Specifically, the insured and the insurance company negotiate the terms of the contract (e.g. the severity of the delay, the amount of compensation, etc.), and then translate the negotiated clauses into computer instructions (algorithms), which are “triggered” automatically when the event occurs. To make it simple, the compensation will be automatically paid into the insured's bank account as soon as the information on the plane's delay is recorded by the smart contract.
However, for the smart contract to achieve the desired automatic effect, the occurrence of the contractual event, i.e. the delay of the aircraft, must be notified to the smart contract. Without this fundamental step, the clauses could not be activated and would remain just a line of code on an isolated device. For this specific reason, the reliability of the source of information to which the execution of the clauses is linked is a crucial aspect in the negotiation phase between the parties, since once it has been selected, its reliability and impartiality cannot be challenged in the course of the relationship.
Once the negotiation phase has been completed, the next issue is the accuracy of the implementation of the smart contract and its accountability. For some time, in fact, the large-scale spread of these instruments has been hampered by the lack of a third-party intermediary who would certify the effective compliance of the lines of code - whose writing must necessarily be entrusted to a technician - with the will of the parties, as well as the inalterability of the instructions over time and their ready verifiability by all interested parties. This function, which in traditional contracts is carried out by professionals such as lawyers and notaries, who guarantee with their work the official nature of what was agreed and the protection of the interests of their clients, is in fact unknown to the world of algorithms.
This, however, has changed with the advent of the blockchain. The latter is in fact a register of information grouped in 'blocks' that are almost impossible to alter and are potentially accessible to any party interested in verifying their content.
By inserting the smart contract into a blockchain through the payment of a cryptocurrency “commission”, a twofold result can be achieved: the verifiability of the information entered (which is thus removed from the exclusive sphere of control of the programmer) and the certainty of this information, which cannot be altered or manipulated without the knowledge of either party. In essence, the blockchain performs the function of a digital notary, archiving and formalising the will of the parties when the contract is concluded. Subsequently, upon the occurrence of the event referred to therein, the so-called “oracles” - blocks that serve to transmit information from the world to the blockchain - communicate it to the registered contract, which will execute the instructions for which it was programmed.
In addition to the insurance field, other areas in which these instruments can be applied are M&A - for example, the possibility of obtaining immediate credit of sums in an escrow account upon the occurrence of the event referred to in the deed of acquisition - and the financial field, where the degree of digitalisation is already very high and where relevant information is already exchanged through computer applications that have an immediate effect on the value of stocks. By way of example, the occurrence of a war event in a given country almost simultaneously causes a collapse in the value of the relative government bonds, just as the statements of central bank presidents are immediately recorded by the financial system, raising or depressing the trend of the international stock exchange over the course of a single day.
From the above examples, it is clear that smart contracts are undoubtedly useful in certain areas, although it is still too early to say that they are destined to replace “traditional” contracts.
This is because not all clauses of a contract can be applied and interpreted through automatisms (e.g. clauses referring to uses and practice), nor all contracts provide for obligations that can be performed by a computer. It is sufficient to think about the clauses providing that the renewal of the contract is subject to the successful completion of a trial period - necessarily linked also to evaluations of personal nature that cannot always be codified ex ante - or to events of force majeure that by their nature cannot be regulated ab origine.
To this must be added that it is still not clear how a smart contract that contains errors or no longer corresponds exactly to the will of the parties can be modified, especially from the moment of its registration on the blockchain. The paradox in such cases would be the automatic and potentially “infinite” execution of an arrangement of interests no longer acceptable to the contracting parties themselves. This aspect also makes it unlikely that smart contracts can be used to regulate, for example, relationships of duration, precisely because the intrinsic uncertainty connected to the changing conditions over time would be incompatible with the ex ante determination of any possible contractual consequences.
Without prejudice to above important considerations, however, it is worth highlighting the great advantage in terms of reducing transaction costs that widespread adoption of this technological innovation could bring. This is especially true in all those cases where the needs to be met do not require complex negotiation; therefore, it is not unlikely that smart contracts will start to be implemented in all those cases where the parties prefer the speed and certainty of automatic performance of an obligation over the renegotiability or flexibility of the relationship.
In conclusion, there is no question of the usefulness and economic savings that can be achieved by using smart contracts. What is certain is that, as is often the case with any technological innovation, these advantages will only be truly perceived through significant integration and adoption of these tools in our society.
However, it can already be said that smart contracts will find wide application especially in standard relationships where a minimum contribution in terms of creativity and customisation of contractual solutions is required.
Under a different point of view, a real challenge for legal professionals is to be able to integrate such tools into traditional contracts in order to improve and enhance the effectiveness of the legal protection provided. This could be a truly “smart” objective to be achieved.
Free transfer of personal data to Republic of Korea: a historic adequacy decision is coming
The European Data Protection Board (“EDPB”) has issued its opinion on the draft adequacy decision published by the European Commission on last 16 June 2021 (available here) concerning the transfer of personal data to the Republic of Korea.
This is a decision that, once in force, will allow the EU economic operators – such as, first of all, all the electronic communication service providers, cloud providers and multinational companies - to freely transfer personal data from Europe to the Republic of Korea without having to adopt either the appropriate safeguards (e.g., "Standard Contractual Clauses") or the additional measures (e.g., consent of data subjects) required by Chapter V of EU Regulation No. 679/2016 ("GDPR").
Indeed, pursuant to articles 44 et seq. of the GDPR, the transfers of personal data to countries outside the European Economic Area or to an international organization are allowed provided that the adequacy of the third country or organization is expressly recognized by a decision of the Commission.
We will now examine in detail the contents of the opinion issued by the EDPB.
Firstly, it was noted that the Republic of Korea's legal framework on the protection of personal data is substantially aligned with the European one, especially with regard to the main definitions provided for by law (“personal data”, “processing” and “data subject”), the requirements for a lawful data processing, the general principles and the security measures.
This has been possible not only thanks to the presence of an effective privacy law (i.e., the "Personal Information Protection Act" or "PIPA" which came into force in 2011) but also because of a series of "notifications" (included the “Notification no. 2021-1”) issued by the Korean Data Protection Authority (i.e., "Personal Information Protection Commissioner" or "PIPC") which explain and make easily understandable the provisions of PIPA.
Moreover, as noted by the EDPB, the Republic of Korea is part of a number of international agreements that guarantee the right to privacy (including the "International Covenant on Civil and Political Rights", the "Convention on the Rights of Persons with Disabilities" and the “ONU Convention on the Rights of the Child"), which confirms the attention that the Republic of Korea has paid to the protection of personal data for several years now.
The EDPB's analysis then focused on some key aspects of PIPA that slightly differ from the GDPR and therefore require more attention - such as, in particular, the absence of a general right to withdraw the consent provided by the data subjects, for example, for marketing activities.
According to the EDPB, although article 37 of PIPA grants data subjects the right to request the “suspension” of the processing of their personal data - a right that can be exercised also in case of direct marketing, as expressly clarified by Recital 79 of the EU Commission adequacy decision – the PIPA provides for the right to withdraw the consent only in two specific cases:
- in relation to the transfers of personal data carried out in the context of special corporate operations (such as mergers, acquisitions, etc.);
- with regard to the processing of personal data for marketing activities by providers of electronic communication services.
The EDPB therefore considered it necessary to draw the Commission's attention to the above-mentioned issues in order to analyze in detail the consequences that, in the light of the Korean legal framework, the absence of such a right might cause for data subjects and to clarify, in the adequacy decision, the actual scope of the above-mentioned right to request the “suspension” of the processing.
Secondly, the EDPB observed that, pursuant to article 58 of PIPA, a substantial part of PIPA - including Chapters III, IV and V, which respectively regulate the general principles for data processing, the security measures and the rights of data subjects - does not apply to several processing of personal data (including those necessary to meet urgent needs for the protection of public health and safety).
The EDPB also notes that the word “urgent” in the PIPA expresses an extremely broad concept that needs to be limited and contextualized, also with the help of practical examples, in order not to compromise the confidentiality of the data subjects’ personal data.
Moreover, the EDPB, in the light of the current emergency situation caused by the Covid-19 pandemic, drew the Commission's attention in relation to the need to ensure an adequate level of protection also for personal data transferred to the Republic of Korea for purposes related to public health protection.
This is because "sensitive" information relating to European citizens (for example, the vaccination status), should receive at least the same level of protection as granted under the GDPR once transferred to the Republic of Korea. In this regard, the EDPB therefore invited the Commission to closely monitor the application of the exemptions provided for in article 58 of PIPA.
Finally, the EDPB considered it appropriate to focus on the possibility for Korean public authorities to access the personal data of European citizens for national security purposes. In this respect, there is no specific obligation for Korean authorities to inform data subjects of the access to their personal data, especially when data subjects are not Korean citizens.
However, even in the absence of such obligation, the balance between the needs of protection of the national security and the protection of the fundamental rights of the data subjects can be found in the same Korean Law that protects the privacy of interpersonal communications (the "Communications Privacy Protection Act" - see also Recital 187 of the adequacy decision), according to which the access to the personal data of European citizens for purposes of national security can be made only if certain legal requirements are met (for example, in the case of communications between "foreign agencies, groups or citizens suspected of being involved in activities threatening national security").
The EDPB notes that, as a further guarantee of the confidentiality of communications accessed by the Korean authorities, the South Korean Constitution states essential data protection principles applicable to this specific matter.
In the light of the favorable opinion issued by the EDPB, it is certainly desirable, and likely, that the European Commission will adopt an adequacy decision in respect of the Republic of Korea.
In an increasingly data-driven global economy based on the economic value of personal data as well as on the sharing of personal data, such an adequacy decision would open the door to the liberalization of trade with the east, also from a privacy perspective.
This regulatory intervention, object of this article, was due and awaited and it certainly follows the "Free Trade Agreement" between the EU and South Korea in force since 2011, which has been able to exponentially increase bilateral trade between the two countries (in 2015 the trade value of transactions amounted around € 90 billion).
Our hope is that, as the years go by, the European Commission's adequacy assessments will cover more and more legal frameworks so that the international transfer of personal data can represent a real and concrete instrument for promoting the economy and innovation worldwide.
Insight publishes on the "Mitteilungen der deutschen Patentanwälte" magazine
Insight Studio Legale is pleased to announce that on the journal Mitteilungen der deutschen Patentanwälte it is now online the article by Alessandro Merolla entitled “Doctrine of equivalents in patent infringement: the Italian Supreme Court rules on the relevance of patent prosecution history in the European legal framework”.
Table of contents November issue
Esports: a global challenge
In 2020, the video games industry generated only in Italy revenues of 2.2 billion euros, with a growth of 21.9% compared to 2019 and of 100% compared to 2016[1]. Worldwide, the video game industry's 2020 revenues reached $159.3 billion[2], almost surpassing the combined revenues of the North American film and sports industries[3].
With specific regard to the esports sector, i.e. competitions and tournaments with an audience of spectators in which individual players or teams compete in the most popular video games, revenues generated at global level reached 947.1 million dollars in 2020 and are expected to exceed 1 billion dollars in 2021, with an annual growth trend of 14.5%[4]. According to recent data, there are more than 1.6 million people in Italy who are passionate about esports events and competitions[5].
These data show how the world of gaming is increasingly becoming a relevant matter in our country’s economy. Just consider the number of events and initiatives organised only in 2021, a year in which Italy started a slow recovery after the traumatic event of the pandemic that hit it hard.
Indeed, in chronological order, the very recent "Milan Games Week & Cartoomics", namely the ambitious union of the Milan Games Week and Cartoomics in a single event dedicated to video games, esports and digital entertainment in general and of course the world of comics, has just ended. Among the many gaming events on the programme, it is worth mentioning the finals of two important national tournaments[6], as well as a series of meetings such as "in my shoes", an initiative organised by PG Esports to discuss and reflect on how new models of inclusion can be effectively launched within the gaming industry.
Moreover, the Amazon University Esports, a tournament between Italian universities sponsored by Amazon, is still in progress with several prizes, as well as the possibility for winners to access international tournaments. Such initiative shows how this sector has finally attracted the interest of Italian institutions, which, in partnership with major tech industry giants, have grasped its potential in terms of visibility and self-promotion.
All these examples show that esports and the world of gaming in general represent a sector with a very high economic potential. In fact, the existing tournaments are already countless and continue to increase year after year. The skills required to take part in such tournaments are within everyone's reach and this allows the continuous entry of new players, who in turn feed the audience of people potentially interested in buying new consoles, virtual objects to be used during the game, targeted advertising.
There are also many types of tournaments, from online tournaments to those organised in physical locations, and their success depends mainly on the organisers' ability to create interesting events that entertain players and spectators. One example is the possibility of hosting concerts and fashion shows in the context of tournaments, as demonstrated by the collaboration between Louis Vuitton and Riot Games for the 2019 League of Legends World Championship.
The growth of the sector therefore appears to be exponential in every respect, and big investors are realising this.
It is precisely the major economic interests in question, however, that highlight the absence of an ad hoc regulatory framework capable of protecting investors on the one hand and players and spectators on the other. At the moment, in fact, in Italy there is no specific regulation of the phenomenon in question.
Those approaching this sector must therefore rely on professionals who understand the different issues, from copyright on new games developed to the drafting of a sponsorship contract.
In this regard, the recent initiatives promoted by CONI (Italian National Olympic Committee) for the recognition of esports as a legitimate sport are certainly worth following with interest.
In fact, it is clear that, once official recognition as a sporting discipline has been obtained, the next step for esports will be to identify and establish shared rules specifically designed for this sector. This brave initiative has, however, been criticised and in fact many doubts have been raised that esports will be superficially assimilated to traditional sports competitions, managed by national entities and subject to strict rules that do not seem to be in line with a creative and innovative context such as that of video games.
Our hope is that the legislator will understand as soon as possible the importance of ensuring a clear and easy-to-apply regulatory framework for an ever-changing sector, able to dictate clear directives on what is admissible - think, for example, of the thriving sports betting market - and at the same time that will be able to grasp the peculiarities of the technological context that has allowed esports to become a global phenomenon.
[1] https://www.censis.it/sites/default/files/downloads/Rapporto%20Integrale.pdf
[2] https://www.wepc.com/news/video-game-statistics/
[3] https://www.marketwatch.com/story/videogames-are-a-bigger-industry-than-sports-and-movies-combined-thanks-to-the-pandemic-11608654990
[4] https://newzoo.com/insights/trend-reports/newzoos-global-esports-live-streaming-market-report-2021-free-version/
[5] See footnote 1 above
[6] PG Six Nationals Winter 2021 and Italian Rocket Championship
Copyright Directive: an open challenge
The path leading to the implementation of the Copyright Directive has been long and full of setbacks. Indeed, it was only on 6 August - two months after the deadline set by the Directive itself - that the Council of Ministers approved the draft Legislative Decree implementing the Directive, which is now once again being discussed by the Parliament.
One of the elements that has contributed to slowing down the legislative process of this new text is the objective it pursues, namely the rebalancing of the relationship between, on the one hand, the large digital platforms that disseminate and aggregate creative content and, on the other hand, the producers, authors and performers of such content.
From that perspective a number of innovations have been introduced, as listed below, which have given rise to much debate and concern:
- Article 13: establishment of an impartial body to assist creators of audio-visual works in negotiating licensing agreements with video on demand service platforms (such as Netflix, Prime Video, Disney Plus, etc.). This therefore is an instrument for the protection of authors and their rights which aims solely at limiting the enormous bargaining power that digital platforms use to their advantage against those parties;
- Article 14: free use of acts of reproduction of works of the visual arts that have entered the public domain because copyright protection has expired. Basically, if a work of the visual arts, such as a painting or a film, falls into the public domain and is reproduced in a video or in any other form of communication by a third party, the latter cannot claim any right over such act of reproduction, unless it constitutes an autonomous intellectual creation of the author and can be protected as such;
- Article 15: introduction of a new related right in favour of publishers of journalistic publications for which they must be remunerated for the online exploitation (reproduction and making available to the public) of these publications by digital platforms, such as Google, Bing, Yahoo; the same article also provides for the obligation of the same publishers to pay a reasonable share of the revenues generated in favour of the authors of the publications. Such fair remuneration has given rise to a number of uncertainties, since the decree in question, instead of limiting itself to providing for the right of publishers to negotiate a remuneration (as provided for in the text of the Directive), has provided for the obligation to negotiate a fair remuneration. Moreover, if the parties in question are unable to agree on this point, AGCOM (the Italian Communications Authority) will act as “referee” in identifying such remuneration;
- Article 17: obligation of online content sharing services, such as Facebook, YouTube, Telegram, to obtain the authorization from rights holders to share protected content on their platforms. Sharing services therefore will be directly liable for copyright infringements committed via their platforms, unless they can prove that they have obtained the authorization from the rights holders to disseminate protected works or at least have made “best efforts” to obtain such authorization or to remove unauthorised content.
The use of the term “best efforts” to assess whether or not the conduct of the platforms may be sanctionable will certainly create several problems, especially of an interpretative nature; for the time being, this expression has been translated in the decree under review as the obligation to adopt the “maximum efforts”, thus favouring an extensive and quantitative interpretation that imposes and therefore requires greater control by the platforms;
- Article 17: introduction of complaint and fast-track redress mechanisms for users in the event of disputes that concern content removal or account disabling by platforms, as well as information requirements for platforms concerning the conditions and terms of removal of uploaded content.
The innovations listed above undoubtedly constitute a major challenge because of the economic interests that are involved. The objective of the directive certainly is a bold one in that it seeks to change the rules of the game in order to redistribute the value generated by the activity of the platforms and “give it back” to the creators and authors of the contents.
In that regard, the obligation for publishers to reach agreements with large information aggregation platforms such as Google for the purpose of obtaining remuneration for the use of their publications is an historic legislative change, albeit one that risks cementing the predominance of those publishing houses that have sufficient resources to engage in such negotiations. This imbalance is even more evident if one considers that art. 1, para I, lett. b (8) of the decree includes, among the criteria for quantifying this remuneration, the higher number of views or the reputation of the publisher itself.
Equally relevant is the provision of a “maximum effort” to be borne by the sharing platforms in removing illegal content uploaded by users. However, the choice of the Italian legislator to prefer the quantitative criterion, which seems to refer to the amount and pervasiveness of the checks carried out, introduces a potential risk of indiscriminate removal of content by extremely “sensitive” detection algorithms, which certainly contrasts with one of the stated objectives of the directive, namely, to preserve the right of criticism and satire of users. On the other hand, a “qualitative” interpretation of this obligation could have been preferred, namely a “better effort” on the part of the platforms, one that would be proportionate to the seriousness of the violations and their diffusion.
The decision by the Italian Government to depart in part from the text - and from the spirit - of the directive has been the subject of a lengthy debate, to the extent that it has raised in more than one person the doubt of an excess of delegated powers or of so-called “gold plating”, i.e. the practice whereby the national legislator goes beyond what is required by European legislation, while formally remaining within the perimeter of its own discretion.
Hopefully, in the final version of the decree the Italian legislator will pay more attention to the aim of harmonisation that all European directives pursue, which in this case requires the adoption and definition of a common “European approach” to digital copyright in the coming years. This approach will in fact allow the individual countries of the Union to effectively interact with the so-called “web giants” and finally take a firm stance against them (which so far has been completely lacking).
Why the restyling of the Insight Logo?
The change in the wording of the "Insight" sign with the insertion of four green dots celebrates the fourth year of activity of the Firm, which since its founding has continued to grow and establish itself in the international legal market. The use of "green", the colour of the previous trademark, is a symbol of continuity and quality of the service offered, while the chromaticism represents the dynamism that characterizes us.
The creation of this new distinctive sign in the fourth year of the Firm's activity coincides, as it already emerges at a first glance, with the beginning of our partnership with de Dominicis & Mayer, a historical Milanese firm of industrial and intellectual property consultants. This is a real fusion in practical terms between legal and technical expertise which, combined with the cross experience of different cultures, allows us to offer our clients an all-round service, while preserving the advantages of an agile structure.
Brand restyling: it's not just a matter of taste
In the last few years, we have become familiar with the concepts of restyling and rebranding[1], just think of how the symbols on the jerseys of our favourite teams have changed over time, or how different the current login screens of the most widely used social media sites look compared to their beginnings.
Sometimes it is a question of minimal changes, while other times of actual upheaval. Let us try to put ourselves on the other side of the table and see what may lie behind the decision to renew the image of one's own company and what consequences, including legal ones, this may have.
Let us start with the main functions of the trademark.
For the entrepreneur, the brand serves to establish a link in the mind of the consumer between a positive shopping experience and the subject who provided the product or service, so that the customer can repeat the purchase in the future. For the consumer, the brand is useful in guiding him choice among many products in the same category, both because the consumer knows what to expect in terms of quality and because trust in the brand will allow time saving in identifying the product that is of interest.
In evaluating a possible redesign of the brand, therefore, the owner of the sign must ask whether and how a redesign can facilitate or impede these functions. The key is to enhance one’s own credibility. A restyling is well done if it communicates a sense of continuity with the quality of the past, making known the firm's propensity to keep up with the times.
On the other hand, change does not always constitute a winning strategy: there are some famous cases[2] in which supposed actions of brand "modernization" have turned out to be unsuccessful.
The main indicators that reveal the adoption of wrong choices in the phase of reworking one's image are the confusion generated in the consumer and the debasement of the credibility that was previously gained.
Confusion, when consumers are no longer able to immediately recognize whether the product or service they are considering comes from that company or another. In this regard, a strong discontinuity in the company's distinctive sign should be carefully considered: the brand encourages a habit of consumption, which risks deteriorating if excessively destabilized.
Debasement of acquired credibility, when the brand as such is clearly referable to the same company, but instead of underlining its renewal and projection towards the future, it generates a feeling of weighting and involution.
At this point, it is necessary to make an important distinction: in fact, modifying the brand has a different impact depending on whether the company involved sells products/services or is a company that "lives" on the attention of its users, such as large social media or search engines.
In the first case, certainly the attention given to its image, although important, is secondary in comparison to the quality and efficiency of the product/service offered. In the second case, on the contrary, the business model is based on monopolizing the attention of users, so innovating and making their brand interesting becomes an integral part of business strategy.
Before embarking on a restyling operation, it is good to understand the reasons behind this choice and the message that is intended to be communicated. Usually, through restyling, companies aim on the one hand to increase the level of engagement with the outside world, which is asked - via the operation of renewal - to pay attention to the products and services on offer. On the other hand, it is a useful tool for communicating important changes characterizing the company, such as the expansion of the business sector, a new commitment to social issues, the acquisition of new industrial techniques, etc..
Turning now to the legal aspects, when the restyling concerns a registered trademark, the issue of the management of the transitional phase from the old to the new sign arises.
Firstly, it is important to know that any changes to the trademark, even if minimal, will make it necessary to proceed with a new filing at the competent national and international offices, if the intention is to register the aforesaid mark (which is certainly recommended). The decision to proceed with a new filing also brings with it the need to ask oneself whether - once the previous trademark has reached the expiry of the 10 years from registration - it is advisable to keep both trademarks registered or proceed only with the most updated one.
Certainly, the maximum protection is offered by registration, but our legal system also offers protection to unregistered trademarks already known on the market, so-called "de facto trademarks", guaranteeing that similar or identical trademarks cannot be registered. In this sense, even if the registration of a previously used trademark is not renewed, it will still be possible to obtain its protection by demonstrating its use and reputation.
In addition to the matter of registration, the restyling operation must be supported by an adequate prior art search, so as to avoid causing infringements of another person’s distinctive signs. This is particularly true when the renewal of the trademark is not limited to minor alterations but includes the insertion of new figurative elements or colours that were not previously used.
Telling people about yourself is an integral part of doing business, and the main tool for achieving this is the brand. If it is essential to seize the opportunity to communicate the changes in your company through a restyling operation for it to be successful, it is equally essential to take due care in carefully examining all aspects, from the most commercial to the legal ones.
[1] We talk about rebranding when the distinctive signs are completely rethought to reflect a new conception of the product or of the company.
[2] GAP case: the brand was withdrawn soon after its release because it was unanimously considered a clear worsening of the historical brand.
Non Fungible Tokens: a unique opportunity, but for who?
During the last few months there has been a matter that has generated great interest among finance professionals, Youtubers and the most famous art galleries: we are of course talking about NFTs, which is an acronym for “Non Fungible Tokens”.
To understand what NFTs are, it is necessary to consider first the technology that lays at their foundation, namely blockchain.
In summary, blockchain refers to a database – meaning a group of data organized in accordance with defined criteria – which is formed by “blocks”, that is sequences of individually identifiable information which, instead of being stored in a single central server, are distributed in identical replications on the terminals of those who have installed the related computer protocol.
Those who access and partake in the blockchain, which is open and freely accessible by anyone, can find information presented in numerical sequences which acquires value inasmuch as it is certain and basically unchangeable. This result is achieved via several levels of protection, the first of which is that altering a single block necessarily requires “reprogramming” the sequence of the entire chain, which is made even more difficult by the presence of cryptographic instruments.
The unchangeable nature of the individual blocks of information guarantees the reliability of transactions which are carried out by exchanging the blocks, without the need for an external entity to check or approve those transactions.
In this sense, it is clear why this technology has found widespread use in the field of digital currency: every transaction that is performed on the blockchain is registered in the individual blocks in full transparency, without fear of theft or manipulation.
Within this context, NFTs perform an additional function, which is to enable the transfer of this certainty – attributable to each individual block of the blockchain – to other digital contents, such as images, videos, and GIFs. Instead of exchanging something similar to a coin, which carries a certain value but may be exchanged with anything else, thanks to NFTs it is possible to transfer a good which is un-substitutable (for example, let us think of a collector’s item).
The advantage that such technology may have is evident, insofar as it eliminates the need to perform long checks for establishing the authenticity of information or digital content, especially if we consider the importance of digital databases managed by public entities.
For this reason, renown artists and other famous people have begun offering for sale on dedicated digital platforms their videos, artistic creations of various kinds and even mere tweets, all of which has been “transformed” into NFTs.
The feedback from the public has gone beyond any expectation, thereby generating great profits, in some cases even in the range of millions[1]. In exchange, purchasers have obtained ownership of those videos, images, and so on.
NFTs therefore appear to be introducing a new horizon of possibilities for the world of artistic production because they can guarantee in the digital world – which, by definition, is a world of identical copies subject to unlimited reproduction – the existence of a single original that remains unchangeable in time.
Also, thanks to NFTs content creators now have a source of revenue as well as an easy-to-use instrument that allows them to prove ownership over their works and, at the same time, to transfer the right of ownership to third parties.
A space in which NFTs are already used is that of online gaming, where players can buy weapons or other “unique” objects to be used or exchanged during gaming sessions. However, it is also reasonable to speculate a wider use of NFTs in the field of industrial property; for example, let us think about the possibility of using such instrument in order to prove the prior use of an industrial machine, thereby invalidating a third party patent and transforming in NFT the related YouTube video which would come to represent unalterable and unassailable evidence of the prior divulgation of the machine within the market.
That being said, there are some aspects surrounding NFTs that would need to be further analysed and kept into consideration.
Firstly, the authenticity and ownership of NFT content is in turn based on declarations of the interested parties, who in general should be the authors or at any hand the owners, or licensees, of the rights of economic exploitation over the work. Currently, there are platforms where users are asked to register and that enable the execution of transactions which guarantee transparency as to the actual ownership of contents, but in theory anyone could create an NFT that incorporates digital content belonging to someone else. There is no initial check on the actual ownership of the asset which the user intends to transfer via NFT and this is a circumstance that may lead to disputes concerning the property of the content being transferred.
Further clarification is also necessary with regard to the tax regime applicable to such instruments (especially as concerns the possible profits obtained via NFT sales) before they become a widespread tool in the creative sphere.
Finally, another point to be considered concerns the rights of consumers who, after having made a purchase, do not have the possibility of retracing their steps by exercising their right of withdrawal which is provided for distance purchases (including of course online purchases).
Once we set aside the euphoria – which at times has been mostly speculative – that has been brought about by these new instruments, in our view NFTs may represent a potential shift in our lives, especially with regard to all those services and goods that are premised and require a certification of authenticity of information and digital contents, such as ownership, origin, rights of temporary utilization.
However, in order for these instruments to be used on a widespread scale, it is necessary that – on the one hand – platforms introduce and guarantee an efficient system of checks as to the ownership of the transferred asset in order to avoid possible disputes, and – on the other hand – it is also necessary that the legislator intervene so as to provide for specific guarantees to protect purchasers (like the aforementioned right of withdrawal) and, in general, a coherent ad hoc regulatory system (which should include, among other things, a tax regime adapted to the nature of NFTs).
[1] A famous case is that of the artist Beeple, who sold via the auction house Christie’s his work “Everydays: The First 5000 Days” at a price exceeding USD 69 million, and that of Jack Dorsey, the founder of Twitter, who sold the first tweet in history at a price of USD 2,9 million.
European Green Certificate: freedom of movement in Europe during the pandemic
It's called the European "Green Certificate," but actually you can read it as "Covid-19 Pass". It purports to make movement of citizens within the European Union easier, as well as to contribute to the containment of the spread of the Sars-CoV-2 virus.
Let's try to understand what are the features of the green certificate, who will issue it and what guarantees it will have in place for the protection of personal data, including sensitive data.
1. Premise
On 17 March 2021, the European Commission proposed the introduction of a European "Green Certificate", which aims to allow the exercise of the right of free movement of citizens – as provided under Article 21 of the Treaty on the Functioning of the EU (TFEU) – during the Covid-19 pandemic. This certificate would be issued by each Member State, in digital and/or paper format and would have the same legal value throughout the EU.
However, to speak of just one "Green Certificate" is not correct. Indeed, as explained in the Proposal for a European Regulation published by the EU Commission[1], there are three different types of certificates that may be issued:
i. “Vaccination certificate": namely an attestation certifying that a person has received an anti Covid-19 vaccine authorized for marketing in the EU;
ii. "Test certificate": a certification that an individual has tested for Covid-19, via an antigenic or molecular test (as long as it is not self-diagnostic) which has returned a negative result;
iii. "Certificate of recovery": a document proving that a person who had been diagnosed with Covid-19 has subsequently recovered from it.
Each certificate will be in the official language of the relevant Member State and in English, it will be free of charge and will be issued by duly authorized institutions/authorities (e.g., hospitals, diagnostic/testing centres or the health authority itself).
2. How does the certificate work?
The certificate has a "QR (Quick Response) code" containing essential information about its holder, a digital signature that prevents forgery and a seal that guarantees its authenticity.
When a European citizen enters a Member State of which he or she is not a native, the institutions and/or competent authorities of that State will scan the QR code on the certificate and verify the digital signature contained therein. This verification of the digital signature will take place by comparing it with the signature keys held by the institutions/authorities of the State of destination, which will be stored in a secure database of each State.
In addition, a single "gateway" managed by the EU Commission will be made available at an EU level, via which the digital signatures of green certificates may be verified throughout the EU.
3. Processing of personal data contained in the certificate
Each certificate - whether related to vaccination, test or recovery - will contain a series of information relating to the person to whom it refers such as, for example: name, surname, date of birth, date of vaccination, result of the antigenic/molecular test, diseases which he/she has recovered from. This is information that falls under the definition of "personal data" pursuant to art. 4 of Regulation 679/2016 ("GDPR") insofar as it relates to an identified natural person and, for this reason, must be processed in accordance with the principles and guarantees provided by that Regulation.
In this regard, it is appropriate to summarise the most important contents of the opinion dated 31 March 2021 that the European Data Protection Board ("EDPB") and the European Data Protection Supervisor ("EDPS") provided to the EU Commission regarding the green certificate.
a) The processing of personal data contained in the certificates should be carried out only for the purpose of proving and verifying the vaccination, negativity or recovery status of the holder of the certificate and, consequently, to facilitate the exercise of the right of free movement within the EU during the pandemic.
b) In order to facilitate the exercise of privacy rights by the data subjects, it would be advisable for each country to draw up and publish a list of the persons authorized to process such data as data controllers or data processors and of those who will receive the personal data (in addition to the authorities/institutions of each Member State competent to issue certificates, already identified as "data controllers" by the proposal for a Regulation at issue).
c) The legal basis for the processing of personal data in the certificates should be the fulfilment of a legal obligation (art. 6, para. 1, lett. c of GDPR) and "reasons of substantial public interest" (art. 9, para. 2, lett. g of GDPR).
d) In accordance with the GDPR principle of "storage limitation" of personal data, retention of data should be limited to what is necessary for the purposes of the processing (i.e. facilitation of the exercise of the right to free movement within the EU during the Covid-19 pandemic) and, in any case, to the duration of the pandemic itself, which will have to be declared ended by the WHO (World Health Organization).
e) The creation of EU-wide databases will be absolutely forbidden.
4. Critical remarks and conclusions
In addition to the innovative implications of the proposed Regulation, there are certain aspects which deserve further study or, at least, clarification by the European legislator in order to ensure the correct application of the new European legislation.
a. Issuing and delivery of certificates
The proposal for a Regulation provides that certificates are "issued automatically or at the request of the interested parties" (see Recital 14 as well as articles 5 and 6). Therefore, as also pointed out by the EDPB and the EDPS, the question is whether a certificate:
i. will be created and then delivered to the individual only if expressly requested by the latter;
or if, on the contrary
ii. such certificate will be created automatically by the competent authorities (e.g., as a result of vaccination) but delivered to the individual only upon his/her express request.
b. Possession of a certificate does not prevent member states from imposing any entry restrictions
The proposed Regulation provides that a Member State may still decide to impose on the holder of a certificate certain restrictive measures (such as, for example, the obligation to undergo a quarantine regime and/or self-isolation measures) despite the presentation of the certificate itself, as long as the State indicates the reasons, scope and period of application of the restrictions, including the relevant epidemiological data to support them.
However, one may wonder if these restrictions and their enforcement conditions will be defined at European level, or whether their identification will be left to each State; in the latter case, this would involve accepting the risk of frustrating the attempt of legal harmonisation pursued by the proposed Regulation.
c. The duration of the certificate
The proposed Regulation provides that only the "Certificate of recovery" must also contain an indication of the validity period. Therefore, once again we may wonder what will be the duration of the other two certificates ("vaccination" and "test") and how it will be possible to ensure the accuracy of what is attested by a certificate after a certain period of time from the date of issuance (for example, let us think about the various cases of positivity found after the administration of a vaccine or the so-called "false negative / positive" cases).
d. The obligations of the certificate holder
What are the obligations of the certificate holder? For example, if a certificate has been issued attesting a Covid-19 negative result and, after a few months, the holder finds out that in fact he or she is positive, would the holder be obliged to apply to the competent authorities/institutions of his/her country in order to have the certificate revoked? Furthermore: in the event that the holder tries to use a false certificate for entry in another Member State, what sanctions would he/she have to face?
e. The protection of personal data
The new proposal for a Regulation tasks the Commission with adopting, by means of implementing acts, specific provisions aimed at guaranteeing the security of the personal data contained in the certificates.
However, given the extremely sensitive nature of the data in question, will the EU Commission also ask for a prior opinion from the Data Protection Authorities of the Member States? Perhaps it would be useful to ensure, also in this context and with specific reference to the privacy documentation to be provided to the data subjects prior to the issuance of certificates, a quasi-unanimous European approach in order to prevent the possible dilution of the guarantees provided under Regulation 679/2016 ("GDPR").
In conclusion, this is a proposal which, if implemented with due care, could contribute greatly to the return to a somewhat normal life; however, it is feared that without a particularly detailed regulation on this matter, a high risk of making cross-border movements even more complex would ensue, also considering that each State would most likely adopt further measures regarding the regulation of this certificate.
[1] https://eur-lex.europa.eu/resource.html?uri=cellar:38de66f4-8807-11eb-ac4c-01aa75ed71a1.0024.02/DOC_1&format=PDF.
Vaccine delays: legal solutions for technical problems
Delays in the deliveries of the Astra Zeneca vaccine doses are raising doubts among the public (and among politicians) about whether vaccination plans laid out by governments can be met.
For these reasons, alternative solutions are being considered from many quarters, and recently in Italy the debate seems to have shifted to patents that protect vaccines, which are considered by many to be an obstacle to public health.
Indeed, patents - like other intellectual property rights - are nothing more than monopoly rights granted to their holder for a period of twenty years during which they may be exploited commercially.
As is well known, the scope of these 'exclusive rights' lies in the increased welfare of the community: by rewarding inventors for a limited period of time, the community achieves the dissemination of knowledge, which otherwise would be kept hidden as much as possible.
However, the global health emergency calls for reflection on whether exclusive patent rights can be circumvented by the need to obtain patent-protected vaccines very quickly.
In other words, we should ask ourselves whether, in this situation of absolute necessity - where the health of citizens is at stake - it is reasonable to persist in looking exclusively after the interests of the patent holder rather than those of the community.
Take, for example, the case of the well-known Astra Zeneca vaccine, for which the owner company was unable to secure production on time and in the quantities that were originally planned.
For such reasons, in Italy it has been suggested that companies equipped for this purpose could be granted the extraordinary right to produce this vaccine even if they do not hold the patents, obviously upon payment of a royalty in return.
This solution would allow for avoidance of possible failures by pharmaceutical companies, which would in any case receive financial compensation for their research and inventive activity.
More generally, the proposals made and discussed were as follows:
- require large multinational patent-holding companies to grant 'compulsory licences' to companies that can produce vaccines of similar quality;
- suspend the efficacy of the patent, so that anyone can use the knowledge protected by it to produce vaccines until the health emergency continues;
- expropriate the holders of patents on vaccines by transforming them into state property, against payment of fair compensation.
Such proposals are supported by several legal bases, first of all the international treaty known as the "TRIPS Agreement"[1], which provides for the possibility for the adhering states to impose compulsory licenses for the manufacture and export of medicines to countries that do not have a sufficient production capacity of their own.
The difficulty in using this instrument lies in the fact that it was designed to provide support to developing countries that do not have the domestic resources to buy expensive foreign drugs (the case of the HIV drug in Africa is well known).
Its application appears more difficult in countries such as Italy, which is developing its own vaccine and has the resources to buy vaccines produced abroad.
On this point, mention should also be made of article 141 of the Italian Industrial Property Code[2], which provides for the power of the Italian State to expropriate or otherwise use patents or patent applications for reasons of public utility. The term 'public utility' indeed seems to include the current pandemic crisis.
If the hypothesis of expropriation of the patent seems disproportionate or in any case an excessive compression of the rights of the patent holder, the hypothesis of compulsory licenses granted in favour of third companies seems to us a reasonable and viable way to compensate for the various complications described above.
However, the practical - and therefore technical - aspect of producing vaccines against Covid 19 must also be taken into account. Indeed, there are different vaccine production methods and processes, which correspond to different measures of efficacy (for example, among the vaccines already approved by the competent authorities, Pfizer and Moderna guarantee 94-95 % efficacy, while Astra Zeneca guarantees 82.4 %)[3], as well as different abilities for providing coverage against Covid variants.
At the same time, vaccines are not the subject of a single patent, but of several interlinked patents that often belong to different parties. As a result, third-party companies would have to obtain compulsory licenses from a large number of owners, which would lead to greater organisational difficulties.
In addition, it is clear that the patents in question are based on complex, confidential know-how, which would have to be transferred and disclosed by the owners to the licensee companies as soon as possible so that the vaccine could be produced; this would, however, lead to longer production times and additional organisational difficulties.
In light of the above, the suggested and discussed route of compulsory licensing certainly seems feasible to solve the shortage and related delays in the delivery of vaccines but, in our opinion, there is a need for collaborative conduct between the owner companies and the licensees, rather than open conflict between them, all in order to safeguard the public health priority.
Moreover, the hypothesis being discussed would be immediately operational without the need for new legislative intervention, which often requires the convergence of political forces (often not easy to implement). This circumstance is certainly an incentive to be exploited in order to achieve a desirable result for the whole community within a short span of time.
[1] Articles 31 and 31bis of said Agreement, in its wording updated to the Protocol of 6 December 2005, which was enacted on 23 January 2017.
[2] Legislative Decree No 30 of 2005, as amended.
[3] https://www.aifa.gov.it/web/guest/domande-e-risposte-su-vaccini-mrna; https://www.aifa.gov.it/domande-e-risposte-su-vaccini-vettore-virale.