Amendments to IP and IT legislation
General Data Protection Regulation (GDPR)
On 25 May 2018, the General Data Protection Regulation (GDPR) came into force in the EU. The main goal of the new regulation is to increase the level of security of personal data of people in EU countries. It is worth mentioning that the regulation is extraterritorial in its operation and, therefore, not only EU companies but also Russian companies processing personal data will be covered by it.
Thus, according to its provisions, the regulation must be applied when personal data of subjects residing in the EU is processed, with respect to companies doing business in the EU and companies that were not established in the EU but carry out activities relating to:
- offering goods or services to people in the EU;
- monitoring the customer behaviour of people in the EU.
Companies processing personal data will be obliged to store personal data in an anonymized and encrypted form, to ensure a proper level of security against leakage, not to transfer data to any third parties and, within 72 hours, to inform personal data subjects and regulatory authorities of any leakage. Moreover, non-European companies must appoint a representative in the EU. Breach of the regulation may lead to an administrative fine of up to EUR 20 million, or 4% of the total turnover of a company for the previous financial year.
(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
‘On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)’)
Amendments have been made to the Federal Law ‘On enforcement proceedings’ and article 15-1 of the Federal Law ‘On information, information technologies and the protection of information’
On 23 April 2018, a law came into force to raise the level of enforcement of orders requiring the deletion of information distributed in the Internet and discrediting the honour, dignity and business reputation of an individual or the business reputation of a legal entity.
The law introduces provisions aimed at enforcing court orders for the deletion from an Internet resource of information which was recognized by a court as discrediting the honour, dignity and business reputation of an individual or the business reputation of a legal entity. Bailiffs are given powers to apply to the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (usually known as ‘Roskomnadzor’) and request that a website be blocked if its owner refused to delete relevant information within the period set by the court. A similar request can be submitted to Roskomnadzor within one day after the order is issued.
(Federal Law No.102-FZ ‘On amending the Federal Law ‘On enforcement proceedings’ and article 15-1 of the Federal Law ‘On information, information technologies and the protection of information’ dated 23 April 2018)
New legal regulation of trade aggregators
Starting from 1 January 2019, amendments to the Law ‘On protecting consumers’ rights’ are coming into effect to introduce the concept of an ‘owner of an aggregator of information about goods and services’ (the ‘aggregator’) and determine the liability of such aggregators.
Subject to the law, aggregators are services that make it possible to simultaneously read information about a product or a service, conclude a sale and purchase agreement with the vendor, and make a prepayment (these may include various Internet platforms, such as Yandex.Market).
The law specifically establishes the liability of aggregators to consumers for damage resulting from information that is known to be false about a product or service, or a vendor, executor, producer or importer of it, non-receipt of the product or the service on time (if, in connection with the above, the consumer has sent a notice cancelling the purchase).
(Federal Law No. 250-FZ ‘On amending the Russian law ‘On protecting consumers’ rights’ dated 29 July 2018)
Trademark Treaty of the Eurasian Economic Union (EAEU)
On 5 December 2018, during a meeting in St Petersburg, the Council of the Eurasian Economic Commission (EEC) signed the Treaty on trademarks, service marks and appellations of origin of EAEU goods. The main purpose of the Treaty is to establish a fundamentally new system for registering trademarks and appellations of origin of the EAEU goods to secure the simplest, fastest and cheapest registration procedure within the Union.
In accordance with the system specified in the Treaty, a rightholder will be able to register its intellectual property with any agency of an EAEU member state and, as a result, obtain a single document of title securing protection in all EAEU member states. All information about registered trademarks and appellations of origin of EAEU goods will be contained in unified EAEU registers.
The Treaty will become operative after 2020, when necessary guidelines, rules of implementation and other documents clarifying the Treaty’s provisions are adopted.
(Treaty on trademarks, service marks and appellations of origin of the EAEU goods, signed by the EEC Council in St. Petersburg on 5 December 2018 in the text of the draft treaty adopted by Order No. 13 of the EEC Council dated 17 March 2016)
Russian Government’s resolutions on the implementation of Yarovaya Law
Within a package of laws adopted in June 2016 and regulating the storage by operators and Internet services of all conversations, messages, images, audio- and video recordings and other information transferred, two resolutions of the Russian Government were passed in 2018 to establish rules for the storage of data by telecommunication operators and organizers of the dissemination of information using the Internet.
Thus, operators must store the full volume of voice information and text messages of their users for 6 months from the date when they stopped receiving, transferring, delivering and processing such data. Internet messengers are also obliged to ensure the storage of text messages, voice information, images, sounds, video and other electronic messages of their users for 6 months in Russia.
(Resolution No. 445 of the Russian Government ‘On approving the Rules for the storage by telecommunication operators of text messages of users of communications services, voice information, images, sounds, video and other messages of users of communications services’ dated 12 April 2018;
Resolution No. 728 of the Russian Government ‘On approving the Rules for the storage by organizers of the dissemination of information using the Internet information and telecommunications network of text messages of the users of the Internet information and telecommunications network, voice information, images, sounds, video and other electronic messages of users of the Internet information and telecommunications network’ dated 26 June 2018)
The Russian Federation has signed the Protocol to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data
On 10 October 2018, Russia’s representative signed the Protocol amending the Council of Europe Convention for personal data protection. By signing the Protocol Russia assumes an obligation to harmonize its national legislation in the sphere of personal data and an obligation to ratify the Protocol.
The new Protocol is intended to increase the level of protection of personal data at the international level by improving the mechanisms contained in the Convention.
The legal developments include the following:
- enhancement of the level of requirements for compliance with the principles of the proportionality, minimization and legality of gathering, processing and storing personal data,
- expansion of the types of confidential information which now include, among other things, genetic and biometric information,
- increased liability of personal data operators and transparency of data processing,
- definition of new rights granted to individuals to manage their personal data when such data is processed, and
- introduction of obligations of personal data operators to report any hacking of databases containing personal data and compliance with the principles of personal data protection during any activity involving the processing of such data.
(Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, CETS No.223, Strasbourg, 10/10/2018)
On 24 July 2018, the Guidelines for administrative procedures and actions in the context of the public service involving state registration of a trademark, service mark, collective mark and the issuing of certificates (duplicate copies) for a trademark, service mark and collective mark have been approved
These Guidelines regulating the procedure of state registration of trademarks, service marks and collective marks are addressed to such employees of the IP regulator Rospatent as are competent to grant legal protection to trademarks. These are primarily public officials who are experts in intellectual property.
In addition to the above subjects, the Guidelines can be used by applicants, patent attorneys and other representatives of applicants when they interact with Rospatent in connection with an expert examination of a trademark application.
The Guidelines consist of 7 sections containing a detailed description of all administrative procedures relating to the filing of an application, payment of state duties, conduct of a formal expert examination and substantive examination, publishing of information about registration, issuing of certificates and other issues.
(Rospatent’s Order No. 128 ‘On approving the Guidelines for administrative procedures and actions in the context of a public service involving the state registration of a trademark, service mark, collective mark and issuing of certificates (duplicate copies) for a trademark, service mark and collective mark’ dated 24 July 2018)
A mechanism of temporary legal protection for industrial designs has been introduced
According to the adopted amendments, temporary legal protection, to the extent defined based on the integrity of essential features of such industrial design which are set out in the published application, is granted to an industrial design with respect to which an application has been filed with Rospatent. Legal protection is granted from the date on which an application that has undergone a formal examination is published in Rospatent’s official bulletin (until the date when information is published that a patent has been issued).
(Federal Law No. 549-FZ ‘On amending part four of the Russian Civil Code’ dated 27 December 2018)