Tag Archives: Cybersquatting

Your GDPR To Do List

GDPR And Your BusinessBack in 1987 when I joined Reuters as a relatively junior lawyer, one of my first assignments was to audit the company’s data processing activities. I spent a few months visiting senior managers’ offices around Reuters to explain the new laws in a bid to understand the data each section was collecting and storing. I would tick off various charts in the process. I no longer remember what else I did to ensure Reuters would be compliant with the Data Protection Act 1984, but it was a simple exercise compared to GDPR.

In those days there was no internet so the landscape was far less complicated than it is today even though Reuters was a large tech company. The widespread use of cloud computing and dedicated apps for functions like accounting, marketing, time recording and more had yet to develop.

Since founding Azrights there have been some data protection projects involving data breaches or creation of new databases. Often these gave rise to  legal questions such as whether IP addresses, or particular postcodes were personal data, and what is involved to anonymise data in order to exploit it. However, apart from these rare instances, by and large data protection has been of low interest to clients whose main priority was to obtain documentation for their websites.

Fast forward to today, and GDPR looks set to become one of the most substantial pieces of legislation that businesses of every size will have to tackle. Companies that had previously regarded non-compliance with EU data protection law as low risk are beginning to re-evaluate their positions in the light of the substantial new fines, increased enforcement powers and grounds for judicial remedies that exist under the GDPR.

Cambridge Analytica

The recent events surrounding Cambridge Analytica and Facebook’s subsequent actions have only added to the significance of GDPR. I touched on this in a recent blog 3 Steps Every Business Needs To Take To Comply With GDPR Apart From Email Marketing.

There are many facets to GDPR, one of which is the ban on the transfer of data outside the EU. This will impact the widespread practice of using freelancers located in low cost countries like India, or the Philippines for various business functions.  It’s worth mentioning here that the UK is firmly committed to complying with GDPR long term so Brexit will not affect the applicability of GDPR to UK businesses.

What Transferring Data Outside the EEA Means

Transfers of data outside the EEA are only permitted in limited situations, such as where the recipient country ensures ‘adequate’ protection for data subjects and their personal data. It’s important to note that “transfer of personal data” doesn’t just mean the sending of personal data in the form of paper documents or emails from one country to another. Many of us are routinely transferring data outside the EEA when we:

  • Communicate personal data by telephone, email, fax, letter, through a web tool or in person to countries outside the EEA;
  • Use IT systems or data feeds leading to personal data being stored on databases hosted outside the EEA;
  • Use freelancers or companies located outside the EEA who can access or “see” our personal data held in the EEA; and
  • Outsource, offshore, use cloud computing, or third party apps located outside the EEA for various business functions.

The online world is borderless, while the GDPR laws have clear boundaries. This means we either need to find a justifiable basis for continuing our existing data transfer activities or change our practices.

The GDPR imposes substantial and onerous new obligations on all of us. Because it impacts so many routine business functions that need to be reassessed nobody can ignore it. Some of the rules under GDPR are less onerous for small businesses, but it doesn’t exempt anyone, not even micro businesses. Many  organisations outside the EEA are realising the implications GDPR has on them (because they process EU individuals’ personal data) so they are busy making changes to their platforms in order to avoid being locked out of the EU market. They have little choice but to comply with the EU’s GDPR laws.

Although there are powers to impose hefty fines and administrative penalties, the ICO has been at pains to let it be known that fines are not going to be their first line of attack. Instead they want to encourage and educate so that all businesses become aware of the new laws and implement necessary changes.

Implementing GDPR is time consuming, wide ranging, and even overwhelming. The more you do, the more you realise there is to be done. So, don’t delay.  I would recommend reviewing the ICO’s resources, and if you want help, then Azrights is here to support you.

One benefit of using my guidance on GDPR is that I have a few grey hairs, and have a commercial approach to risk management. Many decisions involved in applying the GDPR regulations are not black and white. Until a body of case law develops to interpret the different aspects of the regulations, you need to make a judgment call as to how to apply the new laws to your business, what to prioritise and focus on, and how strict to be when implementing the different rules. If you want a lawyer who will help you to make sound choices I’m well placed to support you.

If you’ve not yet done so already do opt in to our GDPR updates and get our updates on how to comply with GDPR.

Intellectual Property Revolution – Book Launch – Video Highlights

IP Revolution Book Launch 1

The Intellectual Property Revolution, my second book, was launched with great success on 13 October 2015 at the Institute of Directors in London.

For those of you who were unable to attend the event the next best thing is to watch the videos of the night.

Daniel Priestley of Entrevo, who runs a global entrepreneurship accelerator programme known as Key Person of Influence (that I myself have attended) gave the introductions for the night.

He also took us through the ages pointing out that at one time it was ownership of land that enabled people to build fortunes, these people built themselves a reputation and became influential. Then after this agricultural age came the industrial revolution where people built their fortunes by  owning the means of production. In the digital economy it is intellectual property that is the means to building fortunes. He said millennials would rather spend all their time and money to build start-ups  than purchasing houses or land.

 

Next up was Will Critchlow of Distilled, CEO of a digital marketing agency based in London with offices in the USA. He reinforced the importance of using the right name and protecting intellectual property rights very early on, an issue he himself had encountered at the early stages of his business ventures while at school. Intellectual Property, in particular securing a trade mark helps provide businesses big or small with strong foundations to securely expand and build a reputation they establish. This will strengthen branding strategies becoming real investments rather than failing later on.

 

 

Then finally, I spoke about the importance of taking early IP advice in order to position yourself for maximum value if you succeed, and reduce the risk of disaster. When overlooked, IP can be damaging to the core features of any business. For example, a poor choice of name can be a real set back. This is something I discuss in more detail in my blog Intellectual Property Value – Do You Need Specialist Skills to Value IP?

IP is so important to any business, as the internet now dominates our daily lives, it is the ownership of these intangibles which is so necessary to protect. At Azrights, we offer a fixed price service that provides early stage businesses with comprehensive advice concerning Intellectual Property rights and strategic building of them.

 

There was a chance for guests to mingle over canapes and here are some vox pox and highlights of the event. The vox pox discussions give some insight into why attendees believe IP is so important in today’s society.

While the highlights below will give you a general flavour of the eventful evening.

Since the launch, I have revised the conclusion of the book, as this was a chapter I struggled to write last year. At the time, I wanted to finish the book so I used something. However, having had time to  reflect over the festive period, I have changed the conclusion, and am now very happy that the book will be an easy, insightful read for businesses interested in IP.

The new conclusion fits much better with the book as a whole being a kind of synopsis of the book and summarises the transformative effects of Intellectual Property rights. If you don’t have time to read the whole book, you’d now get a strong indication of what the book is all about by reading just the conclusion and perhaps revisiting the book when time allows.

Internationalisation of IP

International Business & Globalisation Of IP

International Business & Globalisation Of IPNowadays many businesses are global from day one.

Even though you may just operate out of a bedroom in your home, when you sell online, you are potentially doing business in every country worldwide. That’s because the Internet is borderless.

In contrast, IP laws are territorial. This means your rights only cover the country in which you register or otherwise acquire rights.

So, it’s essential for an online business to adopt a strategic approach to their domains and trademarks.

Resources are bound to be limited because when you start a company it’s difficult to know how successful you’ll be. It makes sense to keep costs down and overheads low.

The Name

Names are an important way in which the law protects a business, so make sure you choose a good one. The name is one of the most valuable IP assets your business has if it is successful, and the choice you make impacts upon the value of the business.

It’s essential not only to find out whether your proposed name is available to use in all your intended markets, but also whether the name is legally effective (that is, whether it can function as a trademark).

The principle of territoriality means that if you register a UK trademark you simply get a right to use the mark in the UK.  If someone in another country uses the same name for a similar business you would not be within your rights to use your brand in their country.

The current international trademark system is designed for a very different business environment, one that’s more suited to the pockets of well-resourced, well-funded multinationals that gradually move into new markets. Nevertheless, if you want to be able to protect your business, using the same brand worldwide, then checking the trademark registers is essential. Then you should consider your strategic approach to registering a trademark, in other countries too.

What you don’t want is to have a local business use your brand to block you from selling to their local market by using their trademark rights against you.

International priority protection

Once you have checked out a name, the next step is to file a trademark. The base application would be filed in the country in which you are based. For UK ecommerce businesses this will typically be an EU registration, although some online businesses prefer to just file a UK trademark.

The way international protection of IP works is that it is possible to secure protection in other countries under the international registration system known as the Madrid system.

You get a priority right for up to six months from the date of the base application. This gives you up to six months to extend your trademark protection to other countries.

Although you can then extend protection to any Madrid Protocol country using a single application, the costs can be high as the official fees are significant. We have a calculator on our website which can give you an idea of the official fees.

A fictional case that illustrates the importance of filing trademark applications in other countries as your business begins to expand is outlined below.

Raxisia

This ecommerce site had been selling its products in the United States for more than 8 years without having registered a trademark there. A competitor then set up a bricks and mortar shop in the United States selling similar products and also called itself Raxisia.

The original Raxisia company was alerted to this when publicity surrounding the new shop was spotted by one of its existing customers who emailed to congratulate it on its new venture in California.

Raxisia was lucky that it had customers in the United States. So, it was able to prevent the local shop from trading off its goodwill. Using lawyers they filed a trademark application in the United States and after much correspondence, the other party decided to rebrand. The legal costs were hefty because among other things the lawyers had to contact the numerous customers that the company had in the United States and in California.

The company could have avoided the hefty legal fees if it had registered its mark in the United States as soon as it began selling its products there.

Domains

Once you’ve settled on a name, a related consideration is what domains to register and when to buy further domains. For example, a UK ecommerce business might typically start by registering a co.uk, .com, and .net. These will be relatively inexpensive. But should you register other CCTLDs – Country Code Top Level Domains? If say France is a market to which you will sell, should you also register a ‘.fr’ name, and if China is important to you should you buy a ‘.cn’ name, too?

As your business grows and you get customers in other countries you’ll need to consider whether to buy your name in other country codes.

There are more than 250 country code domain names. It would be expensive to buy your name in all of them. The strategic considerations will differ for every business. Typically, many wait until their business starts to take off before looking at more extensive domain registrations. The key is always to look at where you are doing business or might be doing business soon.

So, the priority should be to register in those markets in which you have customers or in which you think you will be selling in the near future.

Unlike the GTLDs — generic top-level domain names, – .com, .net, .org – where there’s a lot of uniformity, the rules for country codes are different in every country, as are the prices. Sometimes you need a trademark to get a registration. Other times you need a local business registration. And in some cases you may need a local presence or a local address. So, the CCTLDs usually cost more.

Cybersquatting

Some of the considerations with domains is what happens if someone in another country steals your name and registers your domain with the local CCTLD. This is called cybersquatting. What can you do about it?

It may be difficult to block another person from using your name in another country. So the strategy for registering domains needs to bear this in mind, and be combined with your trademark registration strategy.

You will need access to advice as to the remedies available for the individual CCTLDs. Sometimes your rights may depend on whether or not the name you are using is trademarked. It will also depend on the country’s dispute resolution policies. Each country has different dispute policies, and different procedures for granting relief.

For example, in the UK the dispute resolution body that deals with co.uk issues is Nominet. Nominet will typically consider whether you have trademark rights (which does not necessarily entail having a registered trademark), and whether the registration or the use of the domain name is in “bad faith”. That is, whether the person who registered it likely did it in order to resell it to the person who has the name or in order to divert revenue to themselves for economic gain.

The first step in these administrative style dispute procedures is to file a complaint. There is no court involved as it’s an arbitration.  Once you’ve complained, the other party must answer the complaint and the arbiter then decides whether or not the person who you have complained against should be able to keep the domain name or should release the name into your ownership. The decision is purely based on the pleadings. You don’t have a day in court.

For other domains, such as .com the registry designate groups such as the World Intellectual Property Organization or WIPO or the National Arbitration Forum or other groups to decide the dispute.

These arbitration groups have a lot of experience and history in handling domain disputes.

So in conclusion, it’s essential to get advice, and to set a strategy to determine where you register domains.  This will partly be dependent on the rules of the different countries. For example, if a local business registration is needed in order to register, you might decide the risk of cybersquatting is low risk, and perhaps just register a trademark.

Once you’ve taken all the issues on board you will end up with a priority list based on the intrinsic risks.

Temporary name?

As names involve legal complexity and potential costs it makes sense to have a strategy for the early days if you want to keep your expenses down.

One possibility is to choose a temporary, descriptive name that informs the market what your business does.

This can be useful in the early days when nobody knows you exist and could later become your tagline when you are ready to name the business.

Unless you already have a good understanding of your market and the gap you will fill in it, it could save precious resources in the early days to avoid the expense of naming, design and branding. You will be much better placed to differentiate your business and brand it once you’ve been in business for a while.