When you’re starting any new venture it’s a good idea to ask yourself some searching questions. Why are you in business? Or why are you planning to start one? What’s the motivation driving it? Are you aiming to make it big? Would you aspire to be the next Richard Branson or Anita Roddick? Or are you just intending to be self-employed? Certainly, when I founded my law firm, Azrights 13 years ago I just wanted to work flexibly around my two daughters so I could be there for them instead of handing over to a nanny to raise them.
Aspirations change over time. Certainly, for me a love of entrepreneurship was the catalyst to growing the Azrights business into a proper law firm. My ambitions grew and I have seen a need to create another business, Azrights International Ltd to provide eLearning now, and essentially to offer potential clients different options to the done for you legal services that Azrights provides. You may find your aspirations change over time too. Bear them in mind as the IP actions you need to take do depend on the direction you’re taking.
I am convinced that Intellectual Property is a business skill that entrepreneurs and creatives need to learn just like finance, or any other subject that’s so intrinsic to their business success. The IP I teach in my current course, Legally Branded Academy, is relevant to a worldwide audience because it is business insight not legal minutiae. By understanding the big picture businesses can address IP issues early on, and avoid mistakes. IP is the nuts and bolts of business. It translates to value, so upskilling yourself to protect your IP is important.
The current system of registration for UK based data controllers was replaced by the UK’s Information Commissioner’s Office (“ICO”) with effect from 25 May 2018.
From that date, or once existing registrations come up for renewal, data controllers who are not exempt, will have to pay an annual data protection fee to the ICO.
Due to the way the rules are written, it is strongly recommended that you contact the ICO as soon as possible if your business is not currently registered.
Replaces Requirement to Notify
The new fee arrangements replace the requirement to ‘notify’ (or register) under the Data Protection Act 1998, in line with Recital 89 of the GDPR which suggested that Member States abolish general systems of registration.
The ICO has published a guide about the data protection fee. The fee payable depends on staff numbers and annual turnover. There are exemptions for micro businesses who don’t outsource bookkeeping or other functions.
Noteworthy is that all controllers will be regarded as belonging in the top tier band unless they tell the ICO otherwise, so this should motivate those businesses that do not have an existing data protection registration to address GDPR compliance immediately and apply to register.
What GDPR Involves
GDPR has certainly been taking up businesses’ time in terms of understanding the regulations, and taking actions to work towards compliance.
So I have put together a short mini training on GDPR which would be relevant to those who have not yet taken any steps towards compliance. There are 4 blog posts in the series:
Among other things, these give you tactical steps to put in place and explain some decisions to make as a business owner in order to work towards compliance.
If you’re unsure how to work out your strategy on issues like opt in and opt out boxes, and web forms, you may be interested to know that I’ll be releasing a marketing course as a separate module for GDPR. So to receive notification once this is available
There are more than a dozen documents you will need in order to work towards GDPR compliance. We have created a GDPR site with all the templates, where there are videos and written guidance on all this. There are FAQs, and we plan to constantly add news updates after 25 May to guide you in your compliance.
Conclusion
25 May is just the beginning in terms of implementing a compliance program. Most businesses will need to set aside time regularly to continue their work as there is so much to do.
Every organisation is affected by Europe’s new General Data Protection Regulation or GDPR as it’s known. I’m sure you’ve heard plenty about it.
GDPR represents one of the biggest shake ups in the privacy and data protection laws since the internet. The recent Cambridge Analytica and Facebook incident involving misuse of hundreds of Facebook profiles has only added to the significance of GDPR.
GDPR is a complex piece of legislation which applies to every business whatever its size. If you have names, phone numbers, email addresses of customers, prospects, employees or suppliers, then GDPR affects you.
GDPR looks set to become one of the most substantial pieces of legislation that businesses of every size will have to tackle. Companies that had previously regarded non-compliance with data protection laws as low risk are beginning to re-evaluate their positions in the light of the substantial new fines, increased enforcement powers and grounds for judicial remedies that exist under the GDPR.
Chaos And Myths
So, there is chaos currently as myths have come about to the effect that after 25 May you cannot communicate any more with customers, or leads who came on board before 25 May. Some businesses sending out these emails have no clear idea why they are sending them. It’s sometimes a knee jerk reaction, and therefore ill thought through. They risk having to stop communicating with many of their existing lists, and past subscribers.
You don’t have to do that. However, there are certain processes you do need to put in place and decisions you need to make as a business owner to allow you to continue communicating with your subscribers.
GDPR isn’t the simplest of laws. There are numerous regulations that come under the GDPR umbrella. There are grey areas and until there is a body of case law, it’s not completely clear how certain aspect of the law will be interpreted. The key point is that you don’t have to send one of these emails telling your customers that you won’t be communicating with them anymore. There are strategies you can adopt to avoid being one of those businesses sending out these emails which are clogging up people’s inboxes.
Opt In Forms?
And if you capture data on a website by offering useful information, or letting site visitors request a call back or information, GDPR covers this too and there are a series of steps you need to take as a business to know how to carry on doing that. There are some myths that have built up around this too. You don’t necessarily need to add tick boxes. You can comply without one, and if you do add one you need to make sure you understand why you’re adding one. Otherwise, you could still end up non compliant despite paying web developers to add them. Depending on the form and what you want to achieve you may be able to avoid adding a tick box by changing the terms of your offers. I talk about that later in this series of 4 training blogs.
Compliance with GDPR involves a number of steps, including putting in place documents to be able to show your compliance should the Information Commissioner’s Office (ICO) need to investigate you for any reason. These are the key points to be aware of.
This mini training tells you what you need to know to work towards GDPR compliance. Whether you do this in time to meet the deadline of 25 May 2018, or come to it later after the deadline has passed, as many will, it’s important to realise that compliance with GDPR is not optional, just as operating PAYE, or other legal obligations are not optional. Nor is it something you do once and then forget about.
The Right Steps To Comply
Better to take some steps, albeit imperfect ones, than to take none at all towards compliance. But make sure they’re the right steps. Avoid taking quick decisions to send ill-considered emails asking for consent or to add tick boxes to your web forms. First make sure you have adequate information and legal guidance to properly assess the situation you face. Then decide what steps to take to address the different categories of data you currently hold. The aim is to preserve your ability to communicate with your people.
And nothing in the regulations require you to delete data in a hurry. If you conclude that you cannot market to a list of people you do not need to remove them from your system before 25 May.
Future Proofing
In terms of how to deal with collection of email addresses in future, make sure you are clear about what you want to achieve. Then properly understand what you need to do to be compliant. For example, what will you do when you go out networking and collect business cards? What changes will you make to existing forms on your website? It will vary depending on the form in question. What changes do you need to introduce? Then proceed to organise changes once you have an overall plan. Don’t do things in a piecemeal fashion.
I will say this. You may not need to engage your web developers to add opt in and opt out boxes on your forms. Before you proceed with development work take stock and set an appropriate strategy and document your decision. In the Marketing element of this training I’ve got some ideas for you on how you might address this but first it’s important to understand what these GDPR laws are aiming to achieve, as you’ll be better placed to implement your compliance plan.
Back in 1987 when I joined Reuters as a relatively junior lawyer, one of my first assignments was to audit the company’s data processing activities. I spent a few months visiting senior managers’ offices around Reuters to explain the new laws in a bid to understand the data each section was collecting and storing. I would tick off various charts in the process. I no longer remember what else I did to ensure Reuters would be compliant with the Data Protection Act 1984, but it was a simple exercise compared to GDPR.
In those days there was no internet so the landscape was far less complicated than it is today even though Reuters was a large tech company. The widespread use of cloud computing and dedicated apps for functions like accounting, marketing, time recording and more had yet to develop.
Since founding Azrights there have been some data protection projects involving data breaches or creation of new databases. Often these gave rise to legal questions such as whether IP addresses, or particular postcodes were personal data, and what is involved to anonymise data in order to exploit it. However, apart from these rare instances, by and large data protection has been of low interest to clients whose main priority was to obtain documentation for their websites.
Fast forward to today, and GDPR looks set to become one of the most substantial pieces of legislation that businesses of every size will have to tackle. Companies that had previously regarded non-compliance with EU data protection law as low risk are beginning to re-evaluate their positions in the light of the substantial new fines, increased enforcement powers and grounds for judicial remedies that exist under the GDPR.
There are many facets to GDPR, one of which is the ban on the transfer of data outside the EU. This will impact the widespread practice of using freelancers located in low cost countries like India, or the Philippines for various business functions. It’s worth mentioning here that the UK is firmly committed to complying with GDPR long term so Brexit will not affect the applicability of GDPR to UK businesses.
What Transferring Data Outside the EEA Means
Transfers of data outside the EEA are only permitted in limited situations, such as where the recipient country ensures ‘adequate’ protection for data subjects and their personal data. It’s important to note that “transfer of personal data” doesn’t just mean the sending of personal data in the form of paper documents or emails from one country to another. Many of us are routinely transferring data outside the EEA when we:
Communicate personal data by telephone, email, fax, letter, through a web tool or in person to countries outside the EEA;
Use IT systems or data feeds leading to personal data being stored on databases hosted outside the EEA;
Use freelancers or companies located outside the EEA who can access or “see” our personal data held in the EEA; and
Outsource, offshore, use cloud computing, or third party apps located outside the EEA for various business functions.
The online world is borderless, while the GDPR laws have clear boundaries. This means we either need to find a justifiable basis for continuing our existing data transfer activities or change our practices.
The GDPR imposes substantial and onerous new obligations on all of us. Because it impacts so many routine business functions that need to be reassessed nobody can ignore it. Some of the rules under GDPR are less onerous for small businesses, but it doesn’t exempt anyone, not even micro businesses. Many organisations outside the EEA are realising the implications GDPR has on them (because they process EU individuals’ personal data) so they are busy making changes to their platforms in order to avoid being locked out of the EU market. They have little choice but to comply with the EU’s GDPR laws.
Although there are powers to impose hefty fines and administrative penalties, the ICO has been at pains to let it be known that fines are not going to be their first line of attack. Instead they want to encourage and educate so that all businesses become aware of the new laws and implement necessary changes.
Implementing GDPR is time consuming, wide ranging, and even overwhelming. The more you do, the more you realise there is to be done. So, don’t delay. I would recommend reviewing the ICO’s resources, and if you want help, then Azrights is here to support you.
One benefit of using my guidance on GDPR is that I have a few grey hairs, and have a commercial approach to risk management. Many decisions involved in applying the GDPR regulations are not black and white. Until a body of case law develops to interpret the different aspects of the regulations, you need to make a judgment call as to how to apply the new laws to your business, what to prioritise and focus on, and how strict to be when implementing the different rules. If you want a lawyer who will help you to make sound choices I’m well placed to support you.
If you’ve not yet done so already do opt in to our GDPR updates and get our updates on how to comply with GDPR.
In my previous post, I looked at the issue of protecting your blog content and identity. This blog briefly looks at some of the issues concerning the inclusion of other people’s materials in your content.
As I mentioned in the last blog, as a blogger you need to look in both directions when it comes to intellectual property (“IP”). In particular, you should ensure that what appears on your blog – be it text, photos, or comments – does not infringe the IP rights of someone else.
Before you launch your blog, with your new blog identity, you should carry out trade mark searches to make sure your name, tagline and logo don’t infringe the registered trade marks of another person or company.
Public domain and copyright
Moreover, make sure the contents of your blog presence don’t infringe someone else’s copyright. Content is not necessarily in the public domain just because it is freely available to access on the Internet. Unless you have created the content yourself – for example, taken that photograph yourself – you cannot assume that it is not protected by copyright. In fact, you should usually assume the opposite.
Most content is protected by copyright and that copyright will only expire 70 years after the death of the author. While it’s true that there are exceptions which permit some use of protected material – fair dealing in the UK or fair use in the United States, these are limited in scope, as you will see below.
Use of stock images
These days, with search engines like Google, there are thousands of images online for bloggers to use in their blogs. However, make sure your use won’t infringe copyright by checking the terms of the sites you’re using. Do the licence terms cover your blog? For example, if you may only make non commercial use, and do have promotions or otherwise make your blog pay, then don’t download from a site that only allows non commercial use as doing so may well amount to unauthorised reproduction contrary to copyright law.
Fair dealing of copyright material
What happens if, as a blogger, I want to use material such as photo from a news event, or if I want to quote from an article, or book or even if I want to parody such material?
Well, assuming that the content you want to use is protected by copyright (which is likely), the general position, at least in the UK, is that the reproduction of a substantial part of a work amounts to copyright infringement. What constitutes a “substantial part” is a complex and large topic, and will differ in each case as everything depends on the particular facts. So, let’s not get bogged down here with the somewhat tricky issue of what amounts to a “substantial part”, and instead look at what the law permits by way of certain limited exceptions which constitute fair dealing in the UK.
Although there are a number of fair dealing exceptions, only a few are likely to be relevant to bloggers. These include (a) criticism and review, parody and quotation, (b) reporting of current events, and, (c) incidental use (which is not strictly fair dealing but convenient to mention here).
If you reproduce part of a copyright work – let’s say an online article – in order to criticise or review that work or another work, your use may qualify as fair dealing under the law in the UK. This same law also protects you when you feature a quotation of a work. However, it’s important to note that you may not freely reproduce a work if you want your use to be “fair”. So, reproducing an entire article on your blog is unlikely to be fair dealing. And the exception applies only to published works. Moreover, you must normally also include a sufficient acknowledgement of the original work.
The law in the UK also provides for fair dealing of third-party copyrighted material for the purpose of reporting of current events. However, photographs are excluded from this exception and so you cannot download and reproduce a photograph for the purpose of news reporting on your blog. While it might seem obvious, the events must be “current” and you must normally include a sufficient acknowledgement.
A blogger may also make incidental use of another’s copyright work without infringing copyright in that work. However, the law in the UK expressly excludes the deliberate inclusion of another’s music or lyrics. For example, you cannot add a song in the background of a video clip and claim that your use was incidental use if the song owner objects: it is not incidental use in this example because the music was included deliberately.
Creative commons licences
The last decade has seen the rise of open access forms of disseminating works known as Creative Commons (or (“CC”) licences. These provide for standard-form licences allowing members of the public to reuse a work in particular ways. Creative commons have sought to develop a suite of licences for many types of works.
The CC licences offers copyright owners a suite or menu of terms for using content. Some of these only allow reuse in an unmodified form. Some only allow reuse with attribution. Others only allow reuse for non-commercial purposes.
While CC licences have become extremely popular in recent years, the most common kind is the “attribution, non-commercial, non-derivative works” licence which only allows the user to reproduce, distribute, or play the work in a non-modified form, only for non-commercial purposes and with attribution of authorship. As a consequence, CC licences are generally better suited to users who do not seek remuneration from copyright.
Using other’s logos or trade marks
A question that often arises is to what extent people may include the brand logos or trade marks of others in blog content. In terms of logos – say, logos of famous companies such as Virgin, Barclays, or Coca Cola – the best advice is: “don’t” because most of brand logos are usually protected by both trade mark registration, and copyright. This means that any reproduction by you on your blog of another’s brand logo is potentially copyright infringement.
In contrast, the mere reference in your blog to a word trade mark – such as “BARCLAYS BANK” or “GAP” – is unlikely to amount to trade mark infringement. This is because, generally speaking, names do not enjoy copyright protection. Also, trade mark infringement is based on consumer confusion and so a mere reference to BARCLAYS BANK in your blog is not necessarily going to confuse your readers. That said, if your use is such that the relevant consumer might be led to believe that your blog is somehow connected to or supported by Barclays Bank, your use could potentially amount to trade mark infringement. So, when in doubt stick to merelyreferring to their brand names and avoid using other’s trade marks in such a way as to cause consumer confusion.
So, now that you have some basic insights into the IP laws, happy blogging!
These days, any of us can be a blogger. All you need is somewhere to post your content, and an interesting angle on life – be it sports, politics, travel, food, music, you name it – you can blog your perspective on it. What’s more, you can attract a worldwide audience of thousands or even millions.
However, as well as a web presence and a flair for writing, you should also develop an awareness of intellectual property (“IP” for short) and its impact on your blogging activities.
IP is essentially about protecting our intellectual creations, and that includes of course our blog entries. But whatever A has protected, B may infringe. So, when we consider blogging and IP, you need to look in both directions: how can you, as a blogger, protect your IP and also, how can you ensure that your blog does not infringe the IP of others? Here today we look at “A” – what you have protected. In next week’s blog, we look at “B” – avoiding infringing what someone else has created or protected.
While IP embraces a bundle of different rights, in this blog we are going to briefly look at the two most important rights for bloggers: trade marks and copyright.
It really is amazing that some bloggers enjoy a huge reputation online and yet they have never protected their blog identity by means of trade mark registration. For example, it seems that Turner Barr – about whom I say a little below – of “Around the World in 80 Jobs” fame, did not file a trade mark application until after he had settled what is probably one of the most high-profile IP blog disputes to date. It’s an unfortunate fact of life that many people take IP for granted until some issue crops up, and then they really value their IP and wish they had better protected it at the outset.
Blogs Are Global – Trade Marks Are National
Blogs, being online, are global in nature. They don’t respect national borders which can make trade mark protection, which is generally national in nature, potentially complex. However, it’s advisable to file to register your blog name and blog identity as trade marks at least in your home country. In trade mark law there is something known as the “priority filing system” which enables you to apply to register your trade mark elsewhere in the world within 6 months of your initial home filing and maintain the original filing date.
Let’s turn to copyright. Copyright arises automatically as soon as your writings, photos, music or other creations are fixed in a recorded form. For example, as soon as you save your blog entry on your computer, it is protected by copyright as a literary work. Similarly, as soon as you take a photograph on your mobile phone, it too can be protected as an artistic work.
As for your blog content – such as your blog entries, photographs, music etc– it’s advisable to always keep a dated record (for example, in your computer files) in case you should ever need to prove that you created the work, and on what date you did so.
Although Internet Service Providers (ISPs) are not liable if another person takes your blog material and posts it elsewhere online, you still have options. For example, if the infringer refuses to take-down the lifted material, you may be able to achieve that result by filing a take-down notice with the website provider. Social media companies such as Facebook have well-established take-down procedures by which they will remove infringing content on proof that it infringes your IP rights, including your trade marks and copyright.
Turner Barr
So what about Turner Barr mentioned earlier? Turner created a highly-successful blog called “Around the World in 80 Jobs” which recounted his experiences as a young millenial in obtaining sometimes strange and wonderful jobs around the globe but which also provided information and advice to young people about gaining employment. In 2013, Swiss employment company Adecco produced their own version of his blog, and they filed trade mark applications in various countries for “Around the World in 80 Jobs”. Happily, all’s well that end’s well. After a sustained campaign on social media, Adecco agreed to drop its version of “Around the World in 80 Jobs”, and withdrew its trade mark filings.
If this pressure from social media hadn’t happened, then it would not have been at all straight-forward for Turner. The right approach is to always file to protect your blog presence as a trade mark before disputes arise such as Turner’s with Adecco.
So, in conclusion, if you blog you have IP. Make sure both to protect your blog IP, and avoid infringing the IP of others. In the next video, we will have a look at some of the issues surrounding use of the material of other people in your blog and how to avoid common mistakes.
GDPR is all about introducing greater transparency, increased accountability and enhanced privacy rights for all of us. For example, we can manage our permissions to tech platforms as a result of being notified about the data they hold and collect on us. These new rights are necessary in a world where the likes of Google collect the most mind boggling information.
The fact that GDPR requires tech companies to design their platforms with privacy built in, means a “take it or leave it” stance will no longer be the prevailing approach. The legislation has teeth. For example, there are eye watering fines for companies that ignore the regulations, which will have even the richest of them pay attention.
GDPR is all encompassing, impacting so many different areas of a business. So, it can be overwhelming.
A good place to start if you’re a small business wanting to understand your obligations under GDPR is the ICO’s site. There are plenty of resources provided to help you to comply, although I suspect the majority of small businesses will ultimately need help because it’s one thing to know about GDPR, but it’s quite another to know what to focus on when attempting to comply with the new laws given that there is so much to do.
There are certain actions that every business should be taking immediately to reduce GDPR risks. And that’s not the much publicised question whether or not to ask for consent to market to your lists which I previously wrote about on this blog GDPR – Why Consent Should Be Used As A Last Resort. Sadly too many advisers out there are still telling businesses that obtaining specific consent for everything is the way to go, which will place huge administrative burdens on those businesses that follow such blanket advice.
3 Steps
There are 3 steps every business should be taking in the light of the GDPR changes, that many businesses may be missing given the spotlight on email marketing. That is, to consider the data they hold in the cloud and take simple basic measures, such as:
Use strong passwords. If employees, virtual assistants, or contractors (such as your website development company) have access to your data, then are they using strong passwords so as to keep your data safe? They could easily compromise your security by their actions.
You should introduce clauses and contracts with your freelancers, and contractors. Explain the impact of GDPR. Are they using laptops with encryption? Do they know not to log into your sites in internet cafés? Are they always logging off when they leave their computers unattended? These basics are essential. You are responsible for educating your workers, contractors and other team members about GDPR and the actions they need to take so they don’t compromise security of your data or otherwise cause you to be in breach.
You want to let contractors such as your digital marketing agency, virtual assistance service, or web developers know that using outsourced staff and giving others access to your site without your knowledge is not permitted without your specific consent. These entities are processors of your data. They should not be appointing sub processors without your knowledge. You need to know if your agency is giving access to your data to a third party. Otherwise, what is the point of your doing due diligence checks when taking on an agency, only for them to engage a temporary helper (possibly using a less rigorous vetting exercise than you employ) to assist them when providing their services to you?
If you’ve not yet addressed these GDPR issues in your business then don’t delay as they are, in my view, one of the greatest security risks small businesses face.
If, on the other hand, you are an agency using outsourced team members to deliver services such as website design, form building, online questionnaire development, search engine optimisation, Facebook or Google advertising, and the like, then your business model may need some adjusting. You should be thinking about what your clients will need from you, and pre-empting their concerns.
Conclusion
With just over a month to go, and many contracts and steps to take immediately, you can’t afford to leave it any longer. While it’s unlikely you will face fines for failing to address every aspect of GDPR, doing nothing is not a sensible option. Come 25 May, your website will be a tell tale sign if you’ve not taken any steps to comply with GDPR.
We have various service options to help clients, ranging from access to templates and clauses, to providing some consultancy, or taking care of the entire process for you. Get in touch if you have would like a quote or have any questions.
While every agency understands how to use the creative process to create a brand name, few understand the legal implications of choosing one name over another.
Turning an idea into a business involves creating intangible elements like names. As these are governed by the law of intellectual property it means you are creating intellectual property.
Specifically, trade mark law protects names, and so one implication is that you need to choose a name that meets the requirements of the law.
To fully understand the impact of getting this right on both the agency and client side, it is worth reflecting on what value a brand brings to a business.
Value of a brand
A brand name is of the most valuable assets a business will have.
According to Forbes, the most valuable brand name in the world in 2017 was APPLE. It was worth $170 billion. GOOGLE takes second place, at $101 billion and MICROSOFT in third place, at $87 billion. Three words – APPLE, GOOGLE, MICROSOFT together are worth about $360 billion.
Just think about that for a moment. The world’s top three brands are worth many times the average country’s entire GDP (or annual economic output). That’s the value of a good brand name.
Based on the value of the world’s biggest brands, a good brand name needs to be:easy to pronounce and spell
• one that works internationally
• one that copes with business expansion or change of direction.
• one that is legally available
The final point is most important here.
The trade mark registers are cluttered, and the best .com domains are often already taken. Therefore, choosing a name invariably involves doing some due diligence.
An agency tasked with creating a name should really put forward a shortlist of 3-6 names for full legal clearance if the client is to stand a chance of finding one name that it may use.
Getting this wrong may not just mean the trade mark application is thrown out. The client may find itself on the wrong end of an enforcement action by another business whose trade mark is being infringed.
A name that infringes on someone else’s mark leaves the client with little choice but to rebrand. Some clients might sue an agency that created the identity for them, or require a free rebrand. Quite apart from the reputational damage for the agency, a name that the client can’t use would prove as problematic for the agency as it would for the client.
Not only is it worth getting this right to protect your agency, it also offers you an opportunity to deliver certainty and differentiation from other agencies who are less aware of the consequences.
An agency’s responsibility when creating a brand identity
When a client engages the services of a branding agency to create an identity, that agency is an adviser, and as such, is expected to understand the surrounding law.
While the agency might tell a client that certain actions that are required to clear a name for use should be undertaken by lawyers, it’s not possible to completely absolve itself of responsibility simply because some of the work involved in clearing a name is done by lawyers.
There are two levels of checks for brand names that should be undertaken:
1) Basic preliminary checks – often these do not require a lawyer and can be done through simple searches
2) Full clearance searching – in most cases done by lawyers
I’m of the view that while lawyers are always best placed to undertake full clearance and this is clearly the responsibility of the client, basic preliminary checks can and should be performed by the agency as part of the process of developing names.
This seems not to be the prevailing view.
One designer recently said to me that she does not believe she is responsible if a client of hers has problems with a name she selected for the client and the client decided not to register the name as a trade mark. According to this designer, if the client chooses not to trade mark the name then it’s the client’s fault if it later transpires there are problems with the name.
Quite apart from the fact that registering a name as a trade mark in no way helps if the name is not available to use, I have deep problems with this view. Protecting a name isn’t just about registering it as a trade mark. It’s more about checking that the name may be safely claimed.
If an agency is entrusted with creating a new brand identity, it’s reasonable for the client to expect that you will offer up names they have a fighting chance of using. This means doing some of the trade mark searches yourself, albeit leaving the full clearance searching to the lawyers.
While specialist full clearance searches might be left to the client to arrange with its own lawyers, any business choosing a new name for its clients does have a responsibility to ensure the name is legally available.
Understanding the legal requirements is essential if the selected name is to stand up to legal scrutiny. There are a number of searches that agencies should and could perform on a name – beyond a simple Google or .com search, which is often all that is done. If you fail to provide names which don’t even stand up to the most basic legal scrutiny, what is the client paying for when it pays to have a name created?
And, importantly, how does that reflect on your agency if a problem later arises?
The client’s responsibility when protecting their brand identity
Many clients don’t ask lawyers to do full clearance searches before applying for trade mark protection simply because they don’t realise this is an essential step in the process, rather than an optional step.
As clients frequently choose to not do further searches on names, (possibly because they have spent all their available budget on the brand identity work), it’s even more important for branding agencies to do “good enough” checks of names before proposing them to clients. Otherwise, what’s the point of branding a name the client can’t own? It would be building their business on a foundation of sand.
On one occasion when we were provided with a shortlist of six names by a designer, we found that the most basic search of the trade mark registers knocked out four of the names immediately. So, effectively, the client only had two names to choose from, and they were not the first choices on the list.
I hate to think what might have happened if the client hadn’t asked us to do clearance searches on the names. It might have gone with one of the names that were infringing with all the associated problems and risks.
This is why I would urge agencies to learn how to do some basic checks of the trade mark registers whenever they are creating a new identity for their clients. Indeed, a good agency should also perform its own checks on a name the client proposes using, even if the agency didn’t choose the name.
Again, it’s important to remember you’re not protected simply by virtue of registering a trade mark.
Taking steps to protect intellectual property
The identity of any well-known brand comprises a variety of elements. Trade mark law encompasses the name, and also any taglines, slogans, logos, designs, product shapes, sounds, smells, colours, and other features that distinguish a product or service from its competitors.
Bear in mind that whenever you turn an idea into a product or service you’re also creating intellectual property assets. Copyright law is highly relevant in brand creation. Therefore, copyright and other intellectual property issues need to be top of mind in the early stages of identity creation.
However, the primary identity of any successful brand is inevitably in its name. Protecting the future value of a business involves protecting the name, and also taking account of IP as a whole.
An agency should create internal processes to ensure names are properly checked out before any short list of names is offered to the client.
There are three steps that any business should take to protect its intellectual property if it is to build value, and avoid disasters such as the need to change its identity.
Imagine having to rebrand due to problems with a name or copyright work. While this might seem unimaginable for the likes of the world’s top brands, problems around names and IP can affect even them.
For example, Microsoft had to rebrand after being ordered to do so by a UK court for infringing on a trade mark owned by British Sky Broadcasting Group (BSkyB).
”Changing the name of a product as loved as SkyDrive wasn’t easy,” Microsoft’s Ryan Gavin reportedly told a journalist.
The value and safety of your own and your client’s intellectual property is more important than ever before. Do it right and the intangible assets you create could be worth far more than the cost of producing them. Do it wrong and you could miss vital opportunities, have your true value stolen or find yourself on the wrong side of an intellectual property dispute.
To find out how to protect your own agency’s intellectual property and that of your clients register your interest to learn about IP Fundamentals including the Azrights Naming course.
A recent decision of the EU General Court highlights the potential dangers of adopting brands which mimic the “look and feel” of famous brands without using the same word mark or primary device feature.
In this case, Hasmik Nersesyan, a business in Belgium, filed an EUTM application for the above figurative mark featuring the words COFFEE ROCKS within a black and white circular disk device in the centre of which is placed a musical note, the end of which has the shape of a coffee bean. That coffee bean shape also appears in a much smaller size on either aside of the ring within the disk. The EUTM application sought protection for coffee services in trade mark class 43.
When the EUTM application was published by the EUIPO, it was opposed by Starbucks on the basis of a number of its earlier EU and UK trade mark registrations, including its well-known STARBUCKS COFFEE device mark, shown above. Starbucks’ earlier registered marks are protected for identical coffee/cafe services.
Opposition Division of EUIPO
The EUIPO Opposition Division rejected the opposition on the basis that the marks of both sides were dissimilar. This decision was upheld on appeal by the EUIPO Board of Appeal. Now for a brief word on the legal nub of this dispute.
Under EU trade mark law, in order to win a case in which the claimant argues that there is a likelihood of confusion between two marks, the claimant must first show that the marks in question are either identical or similar. It doesn’t matter how famous the claimant’s mark or how similar the products or services may be unless you first show that the marks are identical or similar. If the marks are held to be dissimilar it is “game over”, so to speak, for the claimant. The same approach applies too for the separate legal claim that the defendant’s mark takes unfair advantage of or damages the reputation of the claimant’s famous mark: unless the marks at issue are identical or similar, the fame or unfairness of the defendant’s conduct is irrelevant.
As a consequence, in order to win trade mark cases in the EU, including involving EUTMs, it is vital to win the argument that the marks at issue are identical or similar. Let’s get back now to the decision in STARBUCKS/COFFEE ROCKS.
Board of Appeal of EUIPO
Perhaps not surprisingly, when the EUIPO Board of Appeal looked at the marks in question, it concluded that the elements in common – the word “COFFEE”, the circular device shape, and the similar font type – was not enough to make them similar. It took the view that the overall impression given by both marks was dissimilar. This is because it decided that the main elements of both marks were different: different as to the word elements STARBUCKS COFFEE/COFFEE ROCKS, and the figurative elements: a mermaid versus a musical note.
Starbucks Appeal to EU General Court
However, when Starbucks appealed to the EU General Court, they succeeded in overturning the decision that the marks were dissimilar. Suddenly, dissimilar marks were declared similar!
The General Court agreed with Starbucks that despite the fact that the word marks (STARBUCKS COFFEE v COFFEE ROCKS) and figurative elements (mermaid v musical note) were different, there were nevertheless some similarities between the trade marks. These were: the overall general appearance (based on the the same colour and shape), the fact that the word “COFFEE” was in common, and even the fact that there was some phonetic similarity between the word elements “BUCKS” and “ROCKS” (which might seem a little far-fetched for English speakers).
As a consequence, the General Court decided that the EUIPO Board of Appeal was wrong to have ruled out even a low degree of similarity between the trade marks. It therefore has sent the case back to the EUIPO to consider Starbucks’ claims of confusion and unfair advantage in light of its finding that there was at least some similarity of marks. We shall have to wait and see what the EUIPO Board of Appeal decides after it has taken in to account these findings of the EU General Court.
Point of interest
Although this legal ruling does not break new ground, it is a warning to businesses that might be tempted to mimic a famous brand as part of their own branding. Although the defendant in this case – Hasmik Nersesyan – might have assumed, perhaps reasonably, that by avoiding any reference to the word mark STARBUCKS or the mermaid device, and instead merely using elements such as general shape and font style which reflected the STARBUCKS registered marks, he would avoid a trade mark conflict with Starbucks, this decision of the EU General Court demonstrates that even just a low level of similarity between trade marks might be sufficient in law to lead to a finding that two trademarks are similar.
What, to the average consumer, might be regarded as dissimilar will not necessarily be the same in a trademark dispute before the courts or the trademark registry.
The take-home point here is clear: before you use or apply to register a trademark which arguably mimics a well-known or famous brand, even only as to background or general features, you should seek professional advice as to whether your brand might lead to a conflict or dispute with the earlier mimicked brand.
Here at Azrights, we have the expertise to advise you as to the clearance, protection, and enforcement of your brands.
The first thing you need to do when you have an idea for a new product, service, or business is to find a name for it.
It’s well worth consulting an expert in trademarks to help you choose a name, and to establish whether your proposed name is legally available to use, and most importantly, whether it is distinctive enough to function as a trademark.
Descriptive names are not capable of trademark protection. Think of Tesco’s Clubcard for example. Tesco has been unsuccessful in its bid to register Clubcard as a trademark for its loyalty card scheme because the registry considered Clubcard too descriptive. That means any business is free to use the name Clubcard for its loyalty card program.
If a name isn’t descriptive, then the next thing is to do some full clearance searches to make sure the name is legally available. At the least do these checks to cover your home market in the UK.
If the name is legally available it means you can protect it and have exclusive rights over it. However, registration alone is not enough because trade mark registrations can be cancelled if someone with better rights over the name objects to your registration.
Once it’s clear the name is legally available, it means you can have a unique online brand. If others are “passing off” your brand by registering your name as a domain, you are in a strong position to recover it from them.
What if you haven’t taken advice. What if you find you can’t use the name you’ve been using for the past 10 years for your company’s successful service, or brilliant product? Your business could suffer a substantial drop in revenues overnight.
When a business is unlucky enough to be required to rebrand the costs can be significant. You could potentially suffer a substantial drop in revenues, as it is not always feasible to redirect the old domain name to your new domain. That makes it more difficult for your former customers or potential new ones to find you when searching online. .
Trademarks reduce the risk of consumers being confused about the source or origin of goods or services they buy. So, be sure to get good advice before you start using a new name. Here at Azrights we have substantial experience in all things trademark related, so do contact us if you have a trademark issue you would like help with.
When you’re starting any new venture it’s a good idea to ask yourself some searching questions. Why are you in business? Or why are you planning to start one? What’s the motivation driving it? Are you aiming to make it big? Would you aspire to be the next Richard Branson or Anita Roddick? Or are you just intending to be self-employed? Certainly, when I founded my law firm, Azrights 13 years ago I just wanted to work flexibly around my two daughters so I could be there for them instead of handing over to a nanny to raise them.
The current system of registration for UK based data controllers was replaced by the UK’s Information Commissioner’s Office (“ICO”) with effect from 25 May 2018.
Every organisation is affected by Europe’s new General Data Protection Regulation or GDPR as it’s known. I’m sure you’ve heard plenty about it.
Back in 1987 when I joined Reuters as a relatively junior lawyer, one of my first assignments was to audit the company’s data processing activities. I spent a few months visiting senior managers’ offices around Reuters to explain the new laws in a bid to understand the data each section was collecting and storing. I would tick off various charts in the process. I no longer remember what else I did to ensure Reuters would be compliant with the Data Protection Act 1984, but it was a simple exercise compared to GDPR.
These days, any of us can be a blogger. All you need is somewhere to post your content, and an interesting angle on life – be it sports, politics, travel, food, music, you name it – you can blog your perspective on it. What’s more, you can attract a worldwide audience of thousands or even millions.
GDPR is all about introducing greater transparency, increased accountability and enhanced privacy rights for all of us. For example, we can manage our permissions to tech platforms as a result of being notified about the data they hold and collect on us. These new rights are necessary in a world where the likes of 
While every agency understands how to use the creative process to create a brand name, few understand the legal implications of choosing one name over another.
A recent decision of the EU General Court highlights the potential dangers of adopting brands which mimic the “look and feel” of famous brands without using the same word mark or primary device feature.
The first thing you need to do when you have an idea for a new product, service, or business is to find a name for it.