Chapter
Intellectual property
Unitary patent protection in Europe
European patent with unitary effect
Until now, there has been no unitary patent system in Europe, which would allow a patent to be registered in all member states without the need for verification by national offices. The Unified Patent System and the Unified Patent Court have been under development since 2012 and are expected to become operational on 1 June 2023. The novelty of this system is that the patent will be granted collectively in the territory of all EU countries that have acceded to the Agreement and no validation will be required at national level. This represents a breakthrough in patent protection and will significantly shorten the path for entrepreneurs wishing to obtain such protection.
Key features of the new system
- The new system will not replace existing registration systems - it will be an additional avenue for international patent registration, where the application will not be verified at national levels.
- The patent registration will not cover all European countries - only those that have acceded to the Unified Patent Court Agreement. At the time of publication, 17 member states have ratified the Agreement. Poland has not yet acceded to the Agreement.
- A Unified Patent Court (UPC) will be established. Until now, disputes have been resolved exclusively by national courts. The UPC gives the possibility to litigate in an international procedure. The court will have jurisdiction over disputes relating to the patent with unitary effect and the European patent. With regard to the European patent, states have the option to opt out of submitting cases to the jurisdiction of the UPC.
Advantages and disadvantages of unitary patent protection
Advantages:
- Less complicated and cheaper procedure - a European patent with unitary effect will be valid across a dozen EU countries without the need for additional registration at national level.
- The establishment of an international court will ensure uniformity of jurisprudence - reducing legal uncertainty.
Disadvantages:
- Possibility of losing protection in the territory of multiple countries at the same time.
- The economic sense of protection by a patent with unitary effect depends on the individual needs of the company. The solution may be suboptimal if the company's strategy is to explore the market and leave the protection right only in certain countries.
Potential impact on Polish entrepreneurs
Poland has not joined the Unified Patent Court Agreement, but the new system will have an impact on Polish entrepreneurs. The case law of the UPC will influence the shape of Polish patent law and the judgments of Polish courts. In addition, a Polish entrepreneur will have the possibility to obtain a patent with unitary effect. In such a case, the protection right will not cover Poland, but the territory of the countries that signed the Agreement. As a result, it will be possible to enforce one's rights related to the unitary protection right before the UPC.
Chapter
IT
European Data Protection Board report on the use of cloud services by the public sector
In a report dated 17 January 2023. The European Data Protection Board ("EDPB") has provided a list of issues under the GDPR Regulation that public sector entities should pay particular attention to when contracting with cloud service providers.
List of issues
Public entities should consider the following, without prejudice to other obligations under the GDPR Regulation, to ensure that cloud deployments comply with the GDPR Regulation:
- conducting a data protection impact assessment (DPIA);
- ensuring that the roles of the parties to the contract are clearly and unambiguously defined;
- ensuring that cloud providers act only on behalf of the public entity and in accordance with its documented instructions;
- identifying personal data processed by the cloud provider as a controller;
- ensuring that a viable objection to the involvement of new sub-processors is possible;
- ensuring that the scope of personal data is determined in relation to the purposes for which they are processed;
- the involvement of a data protection officer;
- cooperation with other public entities in negotiations with the cloud provider;
- verifying that the processing is carried out in accordance with the data protection impact assessment
- ensure that the procurement procedure provides for all necessary requirements for compliance with the GDPR;
- ensuring compliance with Chapter V of the GDPR by identifying and implementing complementary measures where necessary;
- analyzing the third country legislation that could apply to a specific cloud provider and could allow requests from third country authorities to access data stored by the cloud provider in the European Union;
- verification of the conditions under which a public authority may carry out and participate in audits.
Would you like to know more?
The entire EDPB report can be found at the link:
edpb_20230118_cef_cloud-basedservices_publicsector_en.pdf (europa.eu)
Chapter
Cybersecurity
New rules on abuse of electronic communications
On 2 March 2023, a government bill on combating abuse of electronic communications was submitted to the Sejm. The new legislation is expected to enter into force 30 days after its publication in the Journal of Laws. Once it enters into force, a public entity's email provider will have three months to implement SPF, DMARC and DKIM mechanisms and six months to provide an email offering that allows the use of multi-component authentication methods.
The new provisions contain the rights and obligations of telecommunications undertakings and the competences of the President of the Office of Electronic Communications related to preventing and combating abuse of electronic communications.
Chapter
Data protection
Right of access to one's own data - obligation to indicate the exact identity of the data recipients
Judgment of the CJEU in case C-154/21
In its judgment of 12 January 2023 in Case C-154/21, the CJEU explicitly ruled that the right of access to one's own data contained in Article 15(1)(c) of the GDPR (Regulation 2016/679) means that, where the data has been or will be disclosed to recipients, it is incumbent on the controller to provide that person with the exact identity of the recipients of his or her data. Providing only the category of recipients is not sufficient. The data controller may limit himself to indicating "categories of recipients" only exceptionally, where:
- it is not possible to identify those recipients; or
- if the request is unjustified or excessive.
Chapter
E-commerce
Work continues on new directive on liability for defective products
28 September 2022. The European Commission has published a proposal for a new directive on liability for defective products. The new directive is intended to amend the existing Directive 85/374/EEC on product liability, adopted almost 40 years ago - in 1985.
The proposal aims to adapt the product liability regime in the European Union to the digital age, the circular economy business models present in the market and global value chains.
Contact us!
Summary
Here is the next study prepared as part of the Make IT clear program.
Every month we will show you the trends that entrepreneurs should follow and the solutions that should be implemented in order to be up to date with the law of technology, intellectual property and data protection. We will also indicate the risks and challenges associated with your business.
Do not hesitate to contact us!
Contact us
Interested in the changes we have made here,
contact us to find out more.